Transparency
Vendor Reporting Methodology
EuroComply publishes EU compliance data on SaaS vendors to help procurement teams, DPOs, and IT leaders make informed decisions.
Data sources
We draw from public regulatory filings, vendor privacy policies and DPA pages, ISO certification registries, and SOC 2 audit summaries. We cite the source on every claim. Where a claim cannot be sourced publicly, it is marked as unverified.
What we publish
For each vendor we publish: HQ country, data residency regions, GDPR DPA availability and link (where public), sub-processor lists, security certifications, and a sovereignty score (0–100) based on EU data residency, certification coverage, and estimated Cloud Act exposure.
What we don't publish
We do not publish proprietary security audit details, internal documents shared in confidence, or data that could enable harm to individuals or organisations. Anything submitted privately through our contribution form is treated with appropriate discretion.
Accuracy and freshness
Each vendor page shows a "Last verified" date. We aim to verify every vendor at least quarterly. When data is older than 90 days we flag it as potentially stale. Scores and DPA status can change — we recommend checking the vendor directly for decisions with legal consequence.
Takedown and correction requests
If you believe data about your company is inaccurate, email [email protected] with a correction request and supporting evidence. We respond within 5 business days. Legitimate corrections are applied within 24 hours of verification.
Vendor claim process
Vendors can submit corrections and supporting evidence directly via the form below. Submissions are reviewed by the EuroComply data team.