GDPR - EU User Data Hosted in the EU
Dynasend is a “multi-region” platform (USA & EU). Customers governed by GDPR will have their user data maintained exclusively on AWS servers located within the European Union - AWS EU West (Ireland).
To maximize performance, we keep a multi-region table to locate signatures across regions and serve them to Outlook from any region, with the actual signature content being cached globally and securely. The result is that user’s Outlook experience (using the add-in) will have the exact same latency from anywhere in the world independent of their tenant’s region of choice.
GDPR Best Practices for Email Signature Providers
| Area | Expectation | Dynasend |
|---|---|---|
| Hosting | EU-based servers or GDPR-compliant providers | AWS EU West (Ireland) |
| Data residency | Clear policies about where data is stored | Yes, see our privacy policy |
| Email content acces | Avoid reading or storing the email body itself | Zero access to your email, ever! |
| DPA availability | Offered as part of service agreements | Available on request |
| User management | Secure authentication and access controls | Strict authentication enforced at all levels |
DoD and Federal Contractors (GCC High)
Although Dynasend is not explicitly GCC High compliant at this moment (August 2025), we have been in discussions with a large DoD contractor and are exploring a pathway to GCC High compliance.
One of the most significant obstacles email signature vendors have in achieving GCC High compliance is the use of architecture that routes email messages through the vendor’s server to apply the signature. This is a complete deal-breaker for GCC High compliance. Fortunately, Dynasend has zero access to any of your emails because the signature is injected directly into Outlook messages during composition. As a result, we immediately bypass the largest GCC High hurdle faced by many of our competitors.
The next issue that arises is the requirement to have FedRAMP Moderate authorization or higher, if an Azure / Entra ID sync is to be established. We do not have this authorization, nor does any email signature vendor, as far as we can tell.
However, this obstacle can be circumvented as by skipping the Azure / Entra ID sync, and instead importing user data directly via spreadsheet or by manual user input (via our user portal). This approach gets us one step closer to GCC High compliance.
Finally, there is a requirement for storing user data in the AWS GovCloud (or similar). We do not currently have this set up, but it can be done quite quickly in the case of a GCC High client coming onboard with our service.
Note: Configuration of a GCC High compliant program is by special request and may involve additional lead time.
Additionally, it’s useful to note that GCC High Compliant has been created in part “to meet strict compliance requirements for small to medium-sized contractors as they control the flow of Controlled Unclassified Information (CUI).” Source: Summit 7 / 2023
What is Controlled Unclassified Information (CUI)? According to the National Archives, Controlled Unclassified Information (CUI is):
Because Dynasend does not collect or store data rising to the level of Controlled Unclassified Information (CUI), and because Dynasend does not pull data directly from your O365 tenant, we believe that we can possibly serve DoD and Federal contractors without offering a GCC High Compliant service ourselves.