Harness Feature Flags are General Data Protection Regulation (GDPR) compliant. To ensure this:
- Harness doesn't provide a European data residency option, but it does provide teams easy abstractions to remain GDPR compliant in any use case.
- Harness SDKs do not communicate any user data to Harness that you do not choose to send as an attribute. By default, Harness does not need or send any personal indentifiable information (PII).
- If you need to use identifiable customer data for Flag Targeting, you can mask the data or pass it through a custom abstraction layer.
- The data Harness has is then anonymized and not traceable back to end-users directly. Additionally, all data is encrypted in transit.
- For the US, only the IP and email addresses of your team members are stored by Harness.
- Harness provides a data protection agreement to cover this data if necessary.