What Is Vultr’s Role Under the GDPR?

Vultr may act as both a data controller and a data processor, depending on the type of personal data and how our services are used.

As a Data Controller

Vultr acts as a data controller when it processes personal information for its own business operations. This includes activities such as:

• Managing customer accounts
• Processing payments and billing
• Delivering technical and customer support
• Preventing abuse and enforcing platform policies

In these cases, Vultr determines the purposes and means of processing personal data in accordance with our Privacy Policy.

As a Data Processor

When customers use Vultr services to process personal data, such as storing end-user information or handling data subject to privacy laws,Vultr acts as a data processor on behalf of the customer. Specifically:

• The customer serves as the data controller and defines the scope and purpose of processing.
• Vultr processes the data strictly according to the customer's instructions.
• Vultr applies appropriate technical and organizational measures to help secure this data.

This dual role ensures Vultr can deliver its services while supporting customers' obligations under the EU General Data Protection Regulation (GDPR). For more details, refer to our GDPR Privacy Notice.