Open Doors

Trust Center

GDPR

How Open Doors supports your obligations under the EU GDPR and UK GDPR.

Last updated: 24 April 2026

The General Data Protection Regulation (Regulation (EU) 2016/679) and the UK GDPR set standards for how personal data is collected, used, stored, and transferred for residents of the European Economic Area and the United Kingdom. Open Doors is built so that customers who are themselves controllers of EU/UK personal data can use the Services and remain compliant with their obligations.

Our role

Under the GDPR, Open Doors generally acts as a processor of the personal data you and your end customers provide through the Services. You are the controller; you decide the purposes of processing and are responsible for the lawful basis, disclosures, and opt-outs owed to the individuals involved.

For our own websites (opendoors.ai, marketing emails to prospects, job applicants) Open Doors is the controller.

What we do to support your compliance

  • Sign a standard Data Processing Addendum (DPA) on request.
  • Disclose our sub-processors and notify you in advance of changes so you can object.
  • Apply appropriate technical and organisational measures (encryption, least privilege, logging, vulnerability management).
  • Assist you in responding to data subject requests you receive.
  • Notify you without undue delay if we become aware of a personal data breach affecting your data.
  • Keep records of processing activities and make them available to supervisory authorities as required.
  • Return or delete personal data at the end of your contract, subject to legally required retention.

International transfers

Where personal data leaves the EEA or the UK, we rely on safeguards permitted under the GDPR: standard contractual clauses (SCCs), the UK International Data Transfer Addendum (IDTA), adequacy decisions, or specific derogations under Article 49. Our DPA incorporates the relevant SCCs and IDTA by reference.

Data subject rights

EEA/UK residents can exercise the following rights with respect to data Open Doors processes as a controller:

  • Access, rectification, and erasure.
  • Restriction and objection to processing.
  • Data portability for data provided under consent or contract.
  • Withdraw consent at any time (without affecting lawfulness of prior processing).
  • Lodge a complaint with a supervisory authority or the UK ICO.

Requests: privacy@opendoors.ai. We aim to respond within 30 days.

Where your data is processed

Processing occurs in data centres in the United States and Europe, with globally distributed edge caching for static content. When we add a region or migrate workloads, we update this page and our sub-processor list.

Requesting a DPA

Customers who process EU/UK personal data through Open Doors can request our standard DPA from legal@opendoors.ai. Enterprise customers may negotiate bespoke terms; all other customers sign the standard version. A sample is available on request for review before signature.

Questions about this page? Contact privacy@opendoors.ai.

← Back to Privacy & Security