Last Update: December 1, 2025
ScyllaDB Inc. is self-certified for compliance with the EU-U.S. Data Privacy Framework (“EU-US DPF) and the UK Extension to the EU-U.S. DPF (“UK Extension to the EU-U.S. DPF”), as well as the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) (collectively “DPF Principles”), as set forth by the U.S. Department of Commerce. This Data Privacy Framework Statement (“DPF Statement”) applies in conjunction with the ScyllaDB Privacy Policy, available at https://www.scylladb.com/privacy/, as well as with any other ScyllaDB policies, statements, or notices that expressly link to this DPF Statement or expressly incorporate it by reference.
If there is any conflict between the terms in this DPF Statement and the DPF Principles, the DPF Principles shall govern. To learn more about the DPF Principles, please visit https://www.dataprivacyframework.gov/. To view our certification, please visit https://www.dataprivacyframework.gov/list.
ScyllaDB Inc. provides cloud-based services and database solutions to businesses world-wide, acting as a data processor on behalf of those businesses. For these businesses, ScyllaDB Inc. may process personal data of data subjects within the EU, UK and otherwise world-wide, depending on the metadata uploaded to the ScyllaDB platform by its customers. The personal data types that our customers put into our services is at their discretion (subject to any limitations in our contracts) and we only process it in accordance with their instructions as can be seen in the Scylla DPA: https://www.scylladb.com/data-processing-agreement/
However, in its role as a data controller, ScyllaDB Inc. receives and collects personal data about its customers, prospects, former customers, and customers’ users. ScyllaDB Inc. is fully owned by ScyllaDB Ltd. and provides sales and customer success services, through these services, ScyllaDB Inc. will process the following data sets of EU and UK data subjects: contact information such as full name and email, address, correspondence record (if applicable), and additional information such as title, job, position, etc. This data is processed for the purpose of providing the services, such as customer support, success, sales and marketing. The data is shared, as detailed in the privacy policy solely with the following: service providers (such as the CRM provider, cloud hosting providers, and other essential service providers) and with ScyllaDB Ltd.
Our privacy policy, available at: https://www.scylladb.com/privacy/, discloses the purpose and use of personal data, with whom we share the personal data, the categories of recipients and how you may exercise your rights. In the event ScyllaDB Inc. will process the personal data for a purpose that is materially different from the purpose(s) for which it was originally collected, it will seek your consent and shall not process for that purpose unless consent was obtained.
With regard to onward transfers of personal data to third parties, ScyllaDB is responsible and liable for ensuring that these third parties comply with applicable data protection principles. This includes ensuring that such third parties do not process such personal data in a manner inconsistent with the DPF Principles, the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.
In compliance with the EU-U.S. DPF and the Swiss-U.S. DPF, ScyllaDB commits to resolve all EU-U.S. DPF and Swiss-U.S. DPF related complaints about our collection and use of your personal data in accordance with the DPF Principles. EU, UK and Switzerland individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF or the Swiss-U.S. DPF, should first contact us at: [email protected]. We will investigate and attempt to resolve any Data Privacy Framework-related complaints or disputes within forty-five (45) days of receipt.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, ScyllaDB Inc. commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the DPF Principles.
Please note that if your complaint is not resolved through these methods above, a binding arbitration option may be available under limited circumstances. Additional information can be found here: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.
Additionally, ScyllaDB Inc. is subject to the investigatory and enforcement powers of the Federal Trade Commission (“FTC”), and the FTC has jurisdiction over ScyllaDB Inc. compliance with the DPF Principles. Individuals may have the possibility, under certain conditions, to invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms above. For more information, please see Annex I of the DPF Principles.
Notwithstanding the above, under certain circumstances, ScyllaDB Inc. may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
