Data residency in the EU, GDPR by design

Your team's leave data lives in Frankfurt, Germany. Exports, erasure, audit trails, and a DPA — the GDPR homework is done before you ask. No retrofits, no vague promises.

  • Lab Test Analyzer logo
  • Promics Edge logo
  • SelfHacked logo
  • SelfDecode logo
  • OmicsEdge logo

Regulators are not slowing down

€7.1B

in GDPR fines issued across Europe since 2018

€1.2B

of that in 2025 alone

443

personal data breaches reported in Europe, per day

1

city where your leave data lives: Frankfurt, Germany

  • GDPR enforcement is a steady machine, not a one-time wave — €1.2 billion in fines last year alone. An HR tool holding personal data has to be designed for it, not patched later.
  • Time-Out Zone was built inside the EU data boundary from the start: EU hosting, export and erasure flows, and an audit trail underneath.

DLA Piper GDPR Fines and Data Breach Survey, January 2026. Breach figure is the daily average of notified breaches, up 22% year over year.

Rights, honored

One person's full data export on request; deletion with proper cascades when someone must be forgotten. Both leave an audit entry.

Hosted in the EU

Database, backups, and file storage run in Frankfurt, Germany. Compute runs in Frankfurt too. Your leave data does not wander.

The right to take it with you

Export everything about one person, or your entire company, as structured data. Rate-limited, permission-checked, and logged.

The right to be forgotten

When someone must be deleted, deletion is real: the record and its dependencies go, with cascades — not a hidden flag.

GDPR by design, not by disclaimer

Access control, tenant isolation, audit trails, and minimal visibility are built into the product — the technical side of GDPR, working out of the box.

Paperwork, ready

DPA on request

A data processing agreement is available for your legal team, with a transparent subprocessor list.

Frankfurt, specifically

Not "the cloud", not "somewhere in Europe": Frankfurt, Germany — stated in writing in our data residency statement.

Honest about boundaries

Identity, payments, email, and error monitoring run through vetted US providers. Your HR and leave data stays in Frankfurt. We say exactly which is which.

Policies, published

Privacy policy, terms, and cookie policy are public pages, in plain language, kept current.

Data residency statement and subprocessor list available on request as part of the DPA package.

Residency

Where your data lives

A real answer to a fair question.

  • Database, backups, and uploaded files are hosted in Frankfurt, Germany (EU).
  • Application compute runs in Frankfurt as well — data is processed where it is stored.
  • Encrypted in transit (TLS) and at rest (AES-256).

Rights

GDPR rights, operational

Not a promise — flows that exist.

  • Data portability: per-person GDPR export and full-company export, as structured files.
  • Erasure: hard deletion with proper cascades, including invitation and offboarding cleanup.
  • Accountability: sensitive changes are recorded in an audit trail with actor and before/after values.

Paperwork

What your lawyer will ask for

Ready before the call.

  • DPA available on request, with a transparent subprocessor list.
  • Public privacy, terms, and cookie pages — written for humans.
  • Honest boundary: identity (Clerk), payments (Stripe), email (Resend), and monitoring (Sentry) are US-based subprocessors; leave data itself stays in Frankfurt.

Ready to get started?

Give us a call. We'll walk through the DPA, the subprocessor list, and the export flows together.

Security

Roles, isolation, encryption.

Explore

Audit trail

Who changed what — field by field.

Explore

Frequently asked questions

What is data residency?
Data residency is where your data physically lives — which country's servers store it, and whose laws apply. For Time-Out Zone, the answer is specific: your leave data is stored in Frankfurt, Germany, inside the EU.
Where exactly is our data stored?
In Frankfurt, Germany. The database, backups, and uploaded files run on EU infrastructure there, and application compute runs in Frankfurt too. This is documented in our data residency statement.
Can we get a DPA?
Yes. A data processing agreement is available on request, along with a transparent list of subprocessors, so your legal team sees the full picture before signing anything.
How do GDPR exports work?
An authorized admin can export everything stored about one person, or the entire company, as structured data. Exports are permission-checked, rate-limited, and recorded in the audit trail.
Does anything leave the EU?
Yes, and we say so plainly: identity runs through Clerk, payments through Stripe, email through Resend, and error monitoring through Sentry — vetted US providers. The HR and leave data itself stays in Frankfurt.
What happens when an employee must be deleted?
Deletion is real deletion: the person's record and its dependencies are removed with proper cascades, not hidden behind a flag. The removal itself leaves an audit entry, so accountability survives the deletion.