Lead Capture & Analytics 4 min read Updated 24 April 2026

Is Emberhop GDPR compliant for EU data collection?

Emberhop stores all customer and visitor data on EU-based infrastructure with no third-party data sharing. This article covers how Emberhop handles GDPR compliance and what data subject rights are supported.

Is Emberhop GDPR compliant for EU data collection?

GDPR compliance matters to any business collecting contact data from EU residents. Emberhop was built with EU data sovereignty as a core design principle. All data is stored on servers located within the EU, no visitor or lead data is shared with third parties outside the EU, and the platform provides the tools you need to respond to data subject requests.

EU-only data hosting

Emberhop's infrastructure runs entirely in the EU. The application database, the analytics database, and the authentication system are all hosted on EU-based servers. Data does not cross EU borders as part of normal platform operation. There are no cross-Atlantic data transfers in the processing pipeline.

This is a meaningful distinction from platforms that process data in the US and rely on Standard Contractual Clauses or adequacy decisions for transfer compliance. With Emberhop, the data simply does not leave the EU.

Good to know

If your organization requires a Data Processing Agreement (DPA), contact the Emberhop support team. A DPA is available for Business plan customers and can be provided on request for Pro plan customers with specific contractual requirements.

What personal data Emberhop processes

Emberhop processes two categories of personal data on your behalf:

  • Lead contact data: Name, email address, and optionally company name, collected via the lead gate form. This is data submitted voluntarily by your document viewers.
  • Viewer analytics data: Country (derived from IP, full IP not retained), referrer domain, and session timestamps. This data is tied to individual sessions but not to identified individuals unless a lead gate submission links a session to a contact.

Emberhop does not process payment card data directly. Payments are handled by Mollie, an EU-based payment processor.

Data subject rights Emberhop supports

  • Right of access: You can export all lead data for a specific individual from the Leads section of your dashboard. Use the search to find submissions by email address and export the results.
  • Right to erasure (right to be forgotten): You can delete individual lead records from the dashboard. Deleted leads are removed from the database immediately.
  • Right to data portability: All lead data can be exported as a CSV file at any time from the Leads section.
  • Right to object: If a lead contact requests that you stop processing their data, you can delete their record from your Emberhop dashboard. This removes their data from the platform.

Your responsibilities as the data controller

Emberhop acts as a data processor on your behalf. As the organization using Emberhop to collect leads from your document viewers, you are the data controller under GDPR. This means you are responsible for:

  • Having a legal basis for collecting lead data (consent, legitimate interest, or contractual necessity).
  • Informing your visitors that their contact details will be collected when they submit the lead gate.
  • Responding to data subject requests within the required timeframes.
  • Including Emberhop in your data processing register if required by your organization's compliance framework.

The lead gate form itself does not include a GDPR consent checkbox by default. If your legal basis for collecting lead data is consent, you should add a privacy notice or consent statement to your embed page in addition to the gate form.

← All articles