PlanetScale has certified under the EU-US Data Privacy Framework, meaning it has committed to specific data protection standards for data transferred from the EU, UK, and Switzerland to the US, and the FTC can enforce these commitments.
This analysis describes what PlanetScale's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
EU, UK, and Swiss users have a formal mechanism to raise privacy disputes through VeraSafe's dispute resolution process and ultimately through binding arbitration if PlanetScale and VeraSafe cannot resolve a complaint, providing a meaningful enforcement pathway not available in many commercial privacy policies.
EU, UK, and Swiss users whose personal data is transferred to PlanetScale in the US are protected by DPF Principles, have access to a free VeraSafe dispute resolution process, and can pursue binding arbitration if complaints remain unresolved; however, PlanetScale may still disclose their data in response to US national security or law enforcement requests.
How other platforms handle this
Datadog complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Datadog has certified to the U.S. Department of Commerce that it adheres to the EU-...
Zendesk complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. When Zendesk transfers personal data from the EU, UK, or Switzerland to the United ...
In addition to the above rights, your local laws (including those in the EU, UK, Japan, California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Virginia, or Utah) may afford you f...
Monitoring
PlanetScale has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"PlanetScale Inc. participates in the EU-US Data Privacy Framework, the UK Extension to the EU-US Data Privacy Framework, and the Swiss-US Data Privacy Framework for the collection, use, and retention of personal information from the European Union and European Economic Area member countries, the United Kingdom and Switzerland. We have certified with the Department of Commerce that we adhere to the Data Privacy Framework Principles. [...] PlanetScale is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). We may be required to disclose personal information that we handle under the Data Privacy Framework in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.— Excerpt from PlanetScale's PlanetScale Privacy Policy
(1) REGULATORY LANDSCAPE: The EU-US Data Privacy Framework (DPF), administered by the US Department of Commerce, provides a GDPR-compliant transfer mechanism following the Court of Justice of the EU's Schrems II decision and the European Commission's adequacy decision of July 2023. PlanetScale's participation subjects it to FTC enforcement under Section 5 of the FTC Act. The UK Extension and Swiss-US DPF extend similar protections. Disclosure obligations to public authorities under national security or law enforcement requirements remain a known tension point with EU data protection expectations, and the DPF's adequacy may be subject to future legal challenge as was its predecessors. (2) GOVERNANCE EXPOSURE: Medium. DPF certification provides a recognized and currently operative transfer mechanism, reducing regulatory exposure for EU-to-US data transfers compared to relying solely on SCCs. However, the policy also states it relies on adequacy decisions or contractual protections as alternatives, suggesting the DPF is one of multiple mechanisms used. Ongoing validity of the DPF depends on continued US government compliance with the redress mechanism established under Executive Order 14086, which could be subject to change. (3) JURISDICTION FLAGS: EU and EEA users benefit directly from DPF protections. UK users are covered by the UK Extension, though the UK's own adequacy status vis-a-vis the EU adds a layer of complexity for organizations managing multi-jurisdictional data flows. Swiss users are covered by the Swiss-US DPF. Organizations based in these jurisdictions should verify PlanetScale's active DPF registration at the official DPF registry. (4) CONTRACT AND VENDOR IMPLICATIONS: The policy states that third parties receiving personal information under the DPF must also comply with DPF obligations and that PlanetScale remains liable for failures by such third parties unless it can demonstrate it is not responsible. This onward transfer liability provision is significant for procurement teams: PlanetScale accepts residual liability for sub-processor DPF compliance, which is a notable contractual commitment. (5) COMPLIANCE CONSIDERATIONS: Legal teams should independently verify PlanetScale's active DPF registration at dataprivacyframework.gov and confirm that the specific services and data types covered align with the organization's use case. EU and UK data processing agreements should reference the DPF or applicable SCCs as the transfer mechanism. Teams should monitor the ongoing legal and political stability of the DPF and maintain fallback SCCs as a contingency.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
EU, UK, and Swiss users have a formal mechanism to raise privacy disputes through VeraSafe's dispute resolution process and ultimately through binding arbitration if PlanetScale and VeraSafe cannot resolve a complaint, providing a meaningful enforcement pathway not available in many commercial privacy policies.
EU, UK, and Swiss users whose personal data is transferred to PlanetScale in the US are protected by DPF Principles, have access to a free VeraSafe dispute resolution process, and can pursue binding arbitration if complaints remain unresolved; however, PlanetScale may still disclose their data in response to US national security or law enforcement requests.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by PlanetScale.