# Where is data stored? ## Introduction Like many digital services companies we use a 3rd party service provided by google called [Firebase](https://firebase.google.com/). Firebase is an app development platform that helps us build and grow our apps. It is owned by Google and trusted by businesses around the world. The Service uses the following products from Firebase for its core functionalities: * [**Real-time database**](https://firebase.google.com/products/realtime-database). * [**Hosting**](https://firebase.google.com/products/hosting) * [**Authentication**](https://firebase.google.com/products/auth) * [**Cloud Firestore**](https://firebase.google.com/products/firestore) * [**Cloud Functions**](https://firebase.google.com/products/functions) * [**Cloud Storage**](https://firebase.google.com/products/storage) Furthermore, the Service uses the following Firebase products to monitor the app and improve its quality: * [**Performance monitoring**](https://firebase.google.com/products/performance) * [**Analytics**](https://firebase.google.com/products/analytics) ## Where are Firebases servers located? A few Firebase services are only run from US data centers. As a result, these services process data exclusively in the United States: * Firebase Realtime Database * Firebase Hosting * Firebase Authentication The other Firebase services run on global Google infrastructure. They could process data at any of the [Google Cloud Platform locations](https://cloud.google.com/about/locations/) or [Google data center locations](https://www.google.com/about/datacenters/inside/locations/index.html). ### Does GDPR require EU personal data to stay in the EU? No, the GDPR does not require EU personal data to stay in the EU. The transfer of personal data to third countries or international organisations is covered by [Articles 44-50](https://gdpr-info.eu/art-44-gdpr/) of the Act. The general principle can be summarised as saying, if you transfer EU personal data out of the EU, you must ensure that this data still enjoys the same level of protection it gets under GDPR. In other words, the entity or company that you pass the data to outside the EU must be under a legally binding obligation to follow GDPR data protection principles or the equivalent. ## What is our legal basis for transfering EU personal data outside of the EU? We base our GDPR compliance on Google Cloud’s Approach to [European Standard Contractual Clauses (SCC)](https://services.google.com/fh/files/misc/gc_new_eu_scc.pdf), issued on 4 June 2021 by the European Commission. On 21 March 2022, the UK Information Commissioner’s international data transfer addendum (the “UK Addendum”) became effective, enabling the use of EU SCCs in amended form for transfers of personal data under the UK version of the EU GDPR (the “UK GDPR”). The modernized SCCs apply to us and legitimate the transfer of Customer Personal Data outside of the EU as we have certified that the European Protection Law applies to us and have signed Google's Coud Data Processing Addendum (CDPA). --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://program-user-docs.preignition.org/faq/introduction-to-faq/where-is-data-stored.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.