NoCode-X: Assurance of Data Residency in Europe
Introduction
NoCode-X, a brand of Co-Dex.eu BV, is a Belgian legal entity operating under the strict European legislative framework. This ensures that all data processed by NoCode-X adheres to the European Union's General Data Protection Regulation (GDPR) and other relevant European laws. By maintaining data residency within Europe, NoCode-X provides its customers with the highest level of legal sovereignty, privacy, and security. This document outlines the measures, motivations, and guarantees that NoCode-X implements to ensure data residency in Europe.
Legal Framework and Sovereignty
-
European Legal Entity
NoCode-X is owned and operated by Co-Dex.eu BV, a company registered in Belgium. As a Belgian legal entity:- It is subject to European legislation and Belgian jurisdiction.
- Legal disputes are handled by the courts in Belgium and, where applicable, the European Court of Justice.
- This ensures that customers benefit from the legal sovereignty provided by European regulations, which are among the strictest in the world for data protection and privacy.
-
Compliance with GDPR and Beyond
- The GDPR is one of the most comprehensive data protection regulations globally, ensuring the privacy and security of personal data.
- NoCode-X services are designed to comply with GDPR and are also compatible with non-EU legislative contexts, making them suitable for global customers with stringent data protection requirements.
-
Customer Support for Legal Queries
- For any questions or concerns regarding data residency or compliance, customers can contact NoCode-X at [email protected].
Data Residency Controls
NoCode-X ensures that all data is processed and stored within the European region through the following measures:
1. Cloud Service Provider Locations
- Data processing is restricted to Belgium and France, ensuring that all data remains within the European Union.
- Cloud service providers used by NoCode-X are contractually obligated to process data exclusively within these locations.
2. Content Delivery Network (CDN) Break-Outs
- The CDN is configured to limit break-outs to the European Region, ensuring that data remains under European control.
- This configuration does not restrict global access to services but ensures that data processing and storage remain within Europe.
3. Flexible Hosting Options
- For customers with more stringent data residency requirements, NoCode-X offers the option to host the platform fully under their control:
- On their preferred cloud service provider.
- On their private cloud.
- On-premises infrastructure.
- These hosting models are supported as long as the customer has a Kubernetes runtime available.
Data Access and Security Guarantees
NoCode-X implements robust measures to ensure that only authorized entities can access customer data. These measures include:
1. Contractual and Configuration Assurances
- Providers are contractually bound to process data exclusively within the European region.
- Configurations are verified to ensure a privacy-friendly state, minimizing the risk of unauthorized access.
2. No Sharing of User or Customer Information
- NoCode-X does not share user or customer information with third-party providers.
- Website analytics and other services are facilitated by GDPR-compliant European providers.
3. Multi-Staged Encryption
- Workspace and Application-Level Encryption: Data is segmented by design, ensuring that:
- Users in one workspace or application cannot access another workspace unless explicitly authorized.
- Out-of-Band Encryption Key Storage: Encryption keys are stored separately, ensuring that even if storage-level access is compromised, the data remains inaccessible.
- These measures align with zero-trust architecture principles, ensuring that access is granted only to verified and authorized entities.
4. Backup Security
- Backups are encrypted and stored in secure locations under strict authorization controls.
- Backups are kept out-of-band from the operational runtime of the platform, ensuring recoverability while maintaining customer control over their data.
5. Administrator Access Restrictions
- NoCode-X administrators do not have access to customer data unless explicitly granted by the customer.
- Support personnel can only access a workspace or application if the customer provides a valid support account with the necessary permissions.
- This minimizes the attack surface for potential supply chain threats.
Cybersecurity and External Assurance
NoCode-X adheres to the highest standards of cybersecurity to protect customer data and ensure compliance with European data residency requirements:
-
Zero-Trust Architecture
- NoCode-X operates on a zero-trust architecture, which assumes that no entity (internal or external) is inherently trusted.
- This approach ensures that all access is verified, authorized, and monitored.
-
External Security Assessments
- NoCode-X undergoes regular external security assessments to validate its adherence to cybersecurity best practices.
- These assessments provide customers with confidence in the platform's ability to protect their data.
-
Customer Collaboration
- NoCode-X works closely with customers to implement additional controls on their side, ensuring a secure and compliant operating environment.
Summary of Data Residency Assurance
NoCode-X provides a comprehensive framework to ensure data residency in Europe, offering customers the following assurances:
- Legal Sovereignty: As a Belgian legal entity, NoCode-X operates under the strict European legislative framework, ensuring compliance with GDPR and other data protection laws.
- European Data Processing: Data is processed exclusively within the European Union, with cloud service providers limited to Belgium and France.
- Flexible Hosting Options: Customers can choose to host the platform on their preferred infrastructure, ensuring full control over data residency.
- Robust Security Measures: Multi-staged encryption, backup security, and zero-trust architecture ensure that data is protected from unauthorized access.
- Transparency and Accountability: NoCode-X does not share customer data with third parties and undergoes regular external security assessments to validate its practices.
Conclusion
NoCode-X is committed to ensuring data residency in Europe, providing customers with the legal, technical, and operational assurances they need to comply with European regulations and protect their data. By adhering to the highest standards of privacy and security, NoCode-X empowers customers to operate confidently and securely in a global digital landscape.
For further information or specific requirements, please contact us at [email protected].