We only use fully GDPR compliant suppliers. As both our business and primary servers are located in the EU, we use EU locations wherever possible. However, as many tech companies have some form of presence in the USA, we ensure that any data that is sent there is covered by US-EU Privacy Shield.
We perform an annual review of our suppliers to ensure that they continue to be compliant with our legal requirements. We also receive regular security bulletins from these suppliers.