Sovereign & GDPR Compliant by Design

GDPR & Data Sovereignty

Compare how Subkit redefines privacy compliance by putting developers in complete control of subscriber metadata.

US SaaS Monopolies

US-based proprietary platforms (RevenueCat, Adapty) act as **"data processors"** when you use them.

Every app store purchase receipt, customer journey history, and device token must be transferred to external US cloud servers. Gaining GDPR compliance requires signed DPAs (Data Processing Addendums) and heavy privacy disclosures in your app's privacy policy.

❌ US Cloud Data Transfers

Subkit Sovereign Open-Source

With Subkit Self-Hosted, **no subscriber transaction data ever leaves your own infrastructure.**

Since the database and engine run entirely inside your own servers (e.g. EU clouds or on-premise), you are the sole controller and processor. This eliminates third-party data processing risks and satisfies EU digital sovereignty automatically!

✓ 100% Local Data Sovereignty

Subkit Self-Hosted Compliance

Subkit can be utilized by developers who must comply with the strict requirements of the European General Data Protection Regulation (GDPR).

When you host Subkit on your own dedicated server (Self-Hosted), Subkit does **NOT** act as a processor or controller of your customers' data. You have absolute ownership of your database. No usage statistics, purchase receipts, or customer information is compiled or broadcast to external networks.

Subkit Managed Cloud

For developers who prefer not to run server operations, we offer the fully-managed **Subkit Cloud** tier. In this model, Subkit acts as a **"data processor"** while you act as the **"data controller."**

  • Sovereign EU Servers: All managed databases and receipt validation workers are hosted exclusively on European cloud infrastructure (Frankfurt / Paris).
  • Data Processing Addendum (DPA): We offer a comprehensive GDPR-compliant DPA incorporating Standard Contractual Clauses (SCCs).
  • Instant Data Erasure: Fully-compliant user deletion APIs enable automated deletion requests in real time.

Our GDPR Principles

Data Minimization

We only compile and process the absolute minimum metadata required to cryptographically validate App Store and Google Play receipts.

Right to be Forgotten

Our system includes robust endpoints to immediately purge all customer subscription traces from database structures upon request.

Compliance Questions?

Reach out to our dedicated European data privacy handlers.

compliance@subkit.io