Open Doors

Trust Center

International transfers

Where your data lives and the safeguards for cross-border flows.

Last updated: 24 April 2026

Open Doors is a global service. Running a global service means data crosses borders. This page explains where your data is processed, how it moves, and the legal mechanisms we rely on to protect it.

Where data is processed

  • Primary processing — United States and European Union data-centre regions.
  • Edge delivery — global points-of-presence for static content and DDoS mitigation.
  • Communications — SMS, voice, and email providers with regional presence covering the geographies we serve.

Why cross-border

  • Low-latency delivery to customers and their end users globally.
  • Resilience — multiple regions reduce the impact of any single outage.
  • Specialised services — some vendors only operate in specific regions.

Legal safeguards

From the EEA / Switzerland

  • EU Commission Standard Contractual Clauses (Decision 2021/914) for transfers to third countries.
  • Supplementary measures where required by a transfer-impact assessment — encryption in transit and at rest, access controls, logging, and contractual restrictions on vendor access.
  • Adequacy decisions where available.

From the United Kingdom

  • UK Addendum to the EU SCCs, or the UK International Data Transfer Agreement (IDTA).
  • Adequacy regulations where they exist (for example, the EU and the UK Extension to the EU-US Data Privacy Framework).

From the UAE

  • Transfers permitted under Article 22 of the PDPL — adequate protection jurisdictions, contractual safeguards, or consent where applicable.
  • Contractual clauses with recipients incorporating data-protection requirements equivalent to the PDPL.

From other jurisdictions

We apply equivalent safeguards under local law — contractual clauses, intra-group agreements, explicit consent where required, and technical measures.

Sub-processor transfers

Many transfers happen through our sub-processors (see Sub-processors). All sub-processors are bound by data-processing agreements that flow down the obligations we owe to our customers.

Regional hosting on request

Enterprise customers with specific residency requirements can request regional hosting. Email legal@opendoors.ai to discuss.

Questions about this page? Contact privacy@opendoors.ai.

← Back to Privacy & Security