For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
      • AstroFully-managed data operations, powered by Apache Airflow.
      • Astro Private CloudRun Airflow-as-a-service in your environment.
      • Professional ServicesExpert Airflow services for your enterprise's success.
    • Tools
      • Cosmos
      • Orbiter
      • CLI
      • AI SDK
      • Agents
      • Blueprint
      • UpdatesThe State of Airflow 2026See the insights from over 5,800 data practitioners in the full report. Download Now ➔
  • Customers
  • Docs
    • Insights
      • Blog
      • Webinars
      • Resource Library
      • Events
    • Education
      • Academy
      • What is Airflow?
  • Pricing
Get Started Free
    • Overview
      • Astro Support
      • Astro Office Hours
      • Global environment variables
      • Custom role permissions
      • Allowlist Astro domains
      • Feature previews
      • Deprecations
      • Azure Native ISV retirement
      • Security
        • Shared responsibility model
        • Resilience
        • Data protection
        • GDPR compliance
        • HIPAA compliance
        • Secrets management
      • Glossary
    • Book Office Hours

Product

  • Platform Overview
  • Astro
  • Astro Observe
  • Astro Private Cloud
  • Security & Trust
  • Pricing

Tools & Services

  • Cosmos
  • Docs
  • Professional Services
  • Product Updates

Use Cases

  • AI Ops
  • Data Observability
  • ETL/ELT
  • ML Ops
  • Operational Analytics
  • All Use Cases

Industries

  • Financial Services
  • Gaming
  • Retail
  • Manufacturing
  • Healthcare
  • All Industries

Resources

  • Academy
  • eBooks & Guides
  • Blog
  • Webinars
  • Events
  • The Data Flowcast Podcast
  • All Resources

Airflow

  • What is Airflow
  • Airflow on Astro
  • Airflow 3.0
  • Airflow Upgrades
  • Airflow Use Cases
  • Airflow 2.x End of Life

Company

  • Our Story
  • Customers
  • Newsroom
  • Careers
  • Contact

Support

  • Knowledge Base
  • Status
  • Contact Support
GitHubYouTubeLinkedInx
  • Legal
  • Privacy
  • Terms of Service
  • Consent Preferences

  • Do Not Sell or Share My Personal information
  • Limit the Use Of My Sensitive Personal Information

Apache Airflow®, Airflow, and the Airflow logo are trademarks of the Apache Software Foundation. Copyright © Astronomer 2026. All rights reserved.

LogoLogo
On this page
  • What is the GDPR?
  • Who is impacted by GDPR?
  • Is Astronomer subject to GDPR?
  • Is my company subject to GDPR?
  • How does using Astro help me comply with the GDPR?
  • Does Astronomer offer a Data Processing Agreement (DPA)?
  • How does Astronomer perform transfer of personal data outside of the EEA?
ReferenceSecurity

GDPR compliance

Edit this page
Built with

What is the GDPR?

The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the European Economic Area (EEA). The European privacy law became enforceable on May 25, 2018, and replaces the EU’s Data Protection Directive, which went into effect in 1995. The GDPR is intended to harmonize national data privacy laws throughout the EEA and enhance the protection of all EEA residents with respect to their personal data.

The European Commission provides official definitions about the legislation here.

Who is impacted by GDPR?

The GDPR applies to companies that are established within and outside of the EU that offer goods or services to EEA residents, or monitor their behavior. In essence, it impacts and applies to all companies processing and holding the personal data of data subjects located in the EEA. The GDPR defines “personal data” to be “any information which are related to an identified or identifiable natural person”.

Is Astronomer subject to GDPR?

Astronomer is subject to GDPR because the personal data of EEA residents is processed and stored through consumption of Astronomer services.

Is my company subject to GDPR?

If there is a possibility that your company collects or processes personal data of individuals located in the EEA, you are most likely subject to GDPR. Confirm with your privacy and legal counsel.

How does using Astro help me comply with the GDPR?

Simply using Astro does not ensure compliance with GDPR, but the combination of a Data Processing Agreement (DPA), Astro architecture, and various controls, features, and modules available in Astro, Astro Runtime, and the Airflow Registry can help you with your GDPR compliance.

Astro is designed and architected with security and privacy by default. Astro boasts a hybrid deployment model founded on a control plane hosted by Astronomer and a data plane that is hosted in your cloud environment. Both are fully managed by Astronomer. This model offers the self-service convenience of a fully managed service while respecting the need to keep data private, secure, and within corporate boundaries.

All customer business data never leaves your environment (for example, a cloud database) or is required to be uploaded to Astronomer’s own cloud service, thus reducing any concerns that Astronomer may not properly respond to a GDPR request in the allotted time as prescribed by GDPR requirements.

The customer (the data controller) maintains full control over how their data is accessed by their data plane through a combination of network, authentication and authorization controls. Running a current and supported version of Astro Runtime ensures the latest security and bug fixes are in effect, while the Airflow Registry provides a suite of provider-maintained modules that you can use to interact with your data in a secure and standard way.

Some basic personal information about Astro users, such as email addresses, names, and IP addresses, as well as data pipeline metadata, such as deployments metrics, scheduler logs, and lineage, is collected and processed by Astronomer (the data processor) in the control plane to provide Astro services like user management, deployment management, and observability. Customers may exercise their data protection rights if they have concerns about the management of this personal data.

Does Astronomer offer a Data Processing Agreement (DPA)?

Yes, Astronomer offers a Data Processing Agreement which complies with the requirements of the current GDPR legal framework in relation to data processing. If your company requires a DPA with Astronomer to satisfy the requirements the GDPR imposes on data controllers with respect to data processors, contact privacy@astronomer.io.

Please note that if you have previously executed a DPA with Astronomer, it is likely that the DPA already contains sufficient provisions to satisfy the requirements the GDPR imposes on data controllers with respect to data processors. If you believe a new DPA is required, contact privacy@astronomer.io with any questions or concerns.

How does Astronomer perform transfer of personal data outside of the EEA?

The European Commission (EC) issued modernized Standard Contractual Clauses (SCCs) on June 4, 2021, under the GDPR (Article 46) for data transfers from controllers or processors in the EU/EEA (or otherwise subject to the GDPR) to controllers or processors established outside the EU/EEA (and not subject to the GDPR).

Astronomer is subject to the new SCCs to transfer personal data to countries outside of the EEA where necessary, and has incorporated them into a standard Data Processing Agreement for the purposes of providing our Services (inclusive of support).

This page is for informational purposes only. Customers should not consider the information or recommendations presented here to constitute legal advice. Customers should engage their own legal and privacy counsel to properly evaluate their use of Astronomer services, with respect to their legal and compliance requirements and objectives.