While Socrative is owned and operated in Canada, data is stored in secure servers in the US using Amazon Web Services. Amazon is ISO 27001, 27017, and 27018 certified. For more information on Amazon's compliance programs, click here.
There is no obligation under the GDPR for personal data to be stored in the EU, and it is permissible for the data to be transferred internationally as long as it is adequately protected.
AWS's primary data storage is in the US and all Socrative account information is solely stored in the US. AWS has temporary backup servers located in Canada, Australia, South America (San Paolo, Brazil), and Asia (Mumbai, India; Seoul, South Korea; Singapore; and Tokyo, Japan) where non personally-identifiable assignment data could be stored.
The Standard Contractual Clauses will be employed for any transfer of personal data by AWS or any of its sub-processors to South America, Asia, or Australia.
Both Socrative and AWS are certified under the US Privacy Shield Framework and committed to adhere to these policies which are enforceable under US law. See Socrative's Privacy Shield Certification here.
The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce and the European Commission and Swiss Administration to provide a method of ensuring offers an acceptable level of data protection, by requiring that they certify according to the requirements of the Framework.
If you have questions about the storage or transfer of Socrative's data, please contact us at firstname.lastname@example.org.