European data sovereignty
Your identity data stays in the EU. Hosted on European infrastructure, operated by a European company, governed by European law.
EU-only hosting
All data processing and storage occurs exclusively on servers physically located within the European Union. No cross-border data transfers to third countries.
European company
noo is incorporated and operated in the EU, subject to European law and jurisdiction. Not a subsidiary of a US parent company.
GDPR-native
Privacy by design and by default. Built from day one to comply with GDPR, not retrofitted after the fact.
No CLOUD Act exposure
Your critical identity infrastructure runs entirely on European cloud providers, outside the reach of foreign surveillance laws.
0
EU-hosted
0
data transfers outside EU
0
EU member states covered
noo id is built and operated entirely within the European Union, on infrastructure provided by Hetzner and OVHcloud. Your identity data never crosses EU borders, and no US cloud providers are involved anywhere in the stack. This architecture eliminates foreign surveillance exposure and ensures full compliance with GDPR, NIS2, eIDAS, and DORA.
EU-only infrastructure
All noo id infrastructure runs exclusively within the European Union, with no dependencies on non-EU cloud providers.
All data is processed and stored in Frankfurt, Germany (Hetzner) and Roubaix, France (OVHcloud) — both European-headquartered providers with facilities exclusively in EU member states. There are no US cloud providers anywhere in the stack: no AWS, no Google Cloud, no Azure. This eliminates CLOUD Act and FISA 702 exposure entirely, ensuring no cross-border transfers to third countries.
Data residency guarantees
Concrete, verifiable commitments that your identity data never leaves EU borders.
- All processing on EU-located servers only
- No CDN or edge caching in third countries
- European cloud providers — Hetzner and OVHcloud
- No AWS, Google Cloud, or Azure dependencies
- Contractual guarantees with financial penalties
Compliance framework
GDPR
Full compliance with the General Data Protection Regulation, including privacy by design, data minimization, and automated subject rights handling.
NIS2
Meets Network and Information Security Directive 2 requirements for critical infrastructure, including incident reporting and supply chain security.
eIDAS
Supports electronic identification and trust services across the EU, with integration into national eID schemes.
DORA
Satisfies Digital Operational Resilience Act requirements for financial institutions, including uptime SLAs and third-party risk management.
SOC 2
Audited against SOC 2 Type II controls for security, availability, and confidentiality of identity data.
ISO 27001
Information security management system aligned with ISO 27001 standards for systematic risk management and continuous improvement.
European company, European law
Frequently asked questions
Where exactly is my data stored? +
All data is stored in data centers located in Germany and France, operated by European cloud providers (Hetzner, OVHcloud). You can choose your preferred region during tenant setup.
How does noo id ensure GDPR compliance? +
noo id implements privacy by design (data minimization, purpose limitation, storage limitation), provides automated DSAR response tools, maintains detailed processing records, and conducts regular third-party GDPR audits. We also provide DPA templates for customers.
Which cloud providers does noo id use? +
We use Hetzner (Germany) and OVHcloud (France) for infrastructure. Both are European companies with data centers exclusively in the EU. We do not use AWS, Google Cloud, or Azure to avoid CLOUD Act and FISA 702 exposure.
Can I get contractual data residency guarantees? +
Yes. Enterprise customers receive contractual guarantees that data will not leave the EU, with financial penalties for breach. We also provide annual attestation letters for compliance audits.