GDPR, 25 May 2018


Is Surreal CMS compatible with the new European General Data Protection Regulation (GDPR)?


I’ve been following this closely to better understand how the GDPR affects US-based companies and to determine what we need to do to be properly compliant.

The good news is that we never, ever sell or expose you or your clients’ data. Period. We only collect what we need to operate the service, and any information we do store can be updated or deleted by the respective user at any time.

Truth be told, this has always been our policy. We welcome the transparency the GDPR is bringing to users of online services, and we’re happy to do what needs to be done to maintain proper compliance. This week, we’re updating our privacy policy to better reflect this :slight_smile:


Ok, thanks Cory.

I think that for Surreal CMS the GDPR compliant is relative to the ftp details that the EU’s users stored on your platform. On the policy privacy is necessary indicate the name, location and if the cloud platform respect the high security level required from the GDPR (e.g. if when the user delete the account, the ftp/name details are deleted permanently from the database).

See Google Analytics for more information about Data retention policy (for “revision” and/or “recent activity”):


Our privacy policy has been updated: