Is Normcore EU-GDPR compliant?
Hey, Is Normcore EU-GDPR compliant? Any other Security Certification like ISO 27001 / SOC2?
18 Replies
Hi @leitwolf. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:
----------------------
I apologize, but I don't have enough specific information in the provided knowledge sources to definitively answer whether Normcore is EU-GDPR compliant or if it has certifications like ISO 27001 or SOC2.
The documentation provided doesn't explicitly mention GDPR compliance or these specific security certifications. However, I can share some related information about Normcore's security and data handling practices:
1. Normcore encrypts all public connections with TLS Setup cert-manager (https://normcore.io/documentation/normcore-private/on-premises/google-cloud-installation#setup-cert-manager).
2. For Normcore Private, there's an option to host it yourself to ensure complete control over your data Normcore Private (https://normcore.io/documentation/normcore-private).
3. Normcore uses WebRTC which includes TLS/DTLS encryption Transport (https://normcore.io/documentation/architecture/transport).
For definitive information about GDPR compliance and specific security certifications, I recommend contacting Normcore directly or checking their official website for any updated compliance information that may not be reflected in these knowledge sources.
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------
<@700389797981585470> Kapa.ai is still learning and improving, please let me know how I did by reacting below.
We are a GDPR compatible data processor on Normcore Public and Normcore Private. For ISO 27001 / SOC2 you'll need to get Normcore Private.
Thanks! GDPR is already great. Do you have a link to the privacy statement. I want to use it for a project in EU and I have prove it is compliant.
Like a DPA? I don’t think we have a privacy statement as we only operate as a Data Processor, not the customer-facing Data Controller, but I can check
Yes, unfortunately this are EU requirements.
right but you need a DPA from us
I want to make sure you’re getting the right forms
Thanks
@maxweisel would be if you could check this today. Tomorrow I have the kick-off and I hope to convince everyone to switch to Normcore. The SDK is really nice and more modern in comparison to competitors.
It's on our list, but I don't think I'm going to be able to get it for you this week unfortunately.
This is ok. I'm fine with that you say it is possible and you are on it.
By they way, thanks for the incredible fast support!
sure thing!
@maxweisel generally client is open to use Normalcore. Can we check this in detail with DPA. I like the platform and I consider to use it for my projects. Can we have call to discuss a few things?
I'm happy to answer any questions you all have on Discord, unfortunately, we're unable to accommodate calls for Normcore Public accounts at this time.
Ok, first I need a ensure public tier EU-GDPR compliance / DPA - hard requirement in EU. Second, I'm also interested to learn more about the Private tier, especially pricing. It might be interesting for some of my clients. I believe it is also possible to host in on Microsoft Azure because it seems to be a Kubernetes cluster, correct?
Normcore Public is EU-GDPR compliant as a Data Processor.
Normcore Private is a private copy of the same infrastructure, but hosted on dedicated servers of your choosing. There’s also a self-hosted on-premises version that is compatible with Azure. We require a $150K USD minimum annual spend for Normcore Private.
Thanks, @maxweisel . Great to hear that Normcore Public is EU-GDPR compliant as a Data Processor. However, to meet our compliance needs, we’ll need a formal DPA that documents this compliance. Could you provide a DPA for the public offering?
Also, thanks for the information on the Private tier, but that seems more suited to large-scale projects. For now, we’ll proceed with the current project using the public offering.
Yes, it's on my list. It may take me a minute as we're always a little slammed going into the holidays.
ok, thanks!