Is Normcore EU-GDPR compliant?
Hey, is Normcore EU-GDPR compliant? Any other security certification like ISO 27001 / SOC2?
Hi @leitwolf. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:
----------------------
I apologize, but I don't have enough specific information in the provided knowledge sources to definitively answer whether Normcore is EU-GDPR compliant or if it has certifications like ISO 27001 or SOC2.
The documentation provided doesn't explicitly mention GDPR compliance or these specific security certifications. However, I can share some related information about Normcore's security and data handling practices:
1. Normcore encrypts all public connections with TLS. See "Setup cert-manager" (https://normcore.io/documentation/normcore-private/on-premises/google-cloud-installation#setup-cert-manager).
2. For Normcore Private, there's an option to host it yourself to ensure complete control over your data. See "Normcore Private" (https://normcore.io/documentation/normcore-private).
3. Normcore uses WebRTC, which includes TLS/DTLS encryption. See "Transport" (https://normcore.io/documentation/architecture/transport).
For definitive information about GDPR compliance and specific security certifications, I recommend contacting Normcore directly or checking their official website for any updated compliance information that may not be reflected in these knowledge sources.
----------------------
We are a GDPR compatible data processor on Normcore Public and Normcore Private. For ISO 27001 / SOC2 you'll need to get Normcore Private.
Thanks! GDPR is already great. Do you have a link to the privacy statement? I want to use it for a project in the EU and I have to prove it is compliant.
Like a DPA? I don’t think we have a privacy statement as we only operate as a Data Processor, not the customer-facing Data Controller, but I can check
Yes, unfortunately these are EU requirements.
right but you need a DPA from us
I want to make sure you’re getting the right forms
Thanks
@maxweisel would be if you could check this today. Tomorrow I have the kick-off and I hope to convince everyone to switch to Normcore. The SDK is really nice and more modern in comparison to competitors.
It's on our list, but I don't think I'm going to be able to get it for you this week unfortunately.
This is ok. I'm fine with that you say it is possible and you are on it.
By the way, thanks for the incredibly fast support!
sure thing!
@maxweisel generally the client is open to using Normcore. Can we check this in detail with the DPA? I like the platform and I am considering using it for my projects. Can we have a call to discuss a few things?
I'm happy to answer any questions you all have on Discord, unfortunately, we're unable to accommodate calls for Normcore Public accounts at this time.
Ok, first I need to ensure public tier EU-GDPR compliance / DPA - hard requirement in the EU. Second, I'm also interested to learn more about the Private tier, especially pricing. It might be interesting for some of my clients. I believe it is also possible to host it on Microsoft Azure because it seems to be a Kubernetes cluster, correct?
Normcore Public is EU-GDPR compliant as a Data Processor.
Normcore Private is a private copy of the same infrastructure, but hosted on dedicated servers of your choosing. There’s also a self-hosted on-premises version that is compatible with Azure. We require a $150K USD minimum annual spend for Normcore Private.
Thanks, @maxweisel. Great to hear that Normcore Public is EU-GDPR compliant as a Data Processor. However, to meet our compliance needs, we’ll need a formal DPA that documents this compliance. Could you provide a DPA for the public offering?
Also, thanks for the information on the Private tier, but that seems more suited to large-scale projects. For now, we’ll proceed with the current project using the public offering.
Yes, it's on my list. It may take me a minute as we're always a little slammed going into the holidays.
ok, thanks!
@Max I really appreciate all the effort you’re putting in, especially with things being busy right now! That said, our project urgently needs a formal DPA for the public offering. Our kick-off was last week, and the networking stack is a critical part we need to move forward.
I trust Normcore is GDPR compliant as a Data Processor, but without a DPA in place, it’s legally tricky for us to operate in the EU. As you know, GDPR requires a DPA to outline responsibilities for handling personal data. Not having one puts agencies like ours, and even U.S.-based companies offering services in the EU, at risk of non-compliance. It could also lead to issues like app store bans (e.g., Meta in Europe) or fines.
Having the DPA available on the website or dashboard—like Photon Engine does (https://dashboard.photonengine.com/Account/DPA)—would be a huge help. It would make it easier for everyone to stay compliant and avoid unnecessary risks.
I understand this is a big ask, and I really appreciate you taking the time to look into it. Thanks so much, and let me know if there’s anything I can do to help move this along!
I’m on it
unfortunately I don’t have an ETA
When do you all plan to launch your title?
End of January and the customer wants to wrap up the legal stuff first, so not sure I can use it for the Jan project. But I’ve got another one launching in March—should work for that one.