Trust Hub
Legal Resources at PeopleForce
Public Announcement: Migration to Google Cloud Platform (GCP)
As part of our continuous commitment to providing the highest level of reliability, performance, and data security, we are pleased to inform you that PeopleForce is migrating its infrastructure to Google Cloud Platform (GCP).
This migration is fully aligned with the requirements of the General Data Protection Regulation (EU) 2016/679 (GDPR) and follows recommendations of the European Data Protection Board (EDPB).
What is changing?
- New sub-processor: Google Cloud (GCP) will replace Linode as our hosting infrastructure provider.
See our PeopleForce Sub-processors List - New infrastructure regions: All data will be stored and processed in GCP data centers located in:
- Netherlands (europe-west 4, Eemshaven)
- Belgium (europe-west1, Saint-Ghislain)
Migration date: December 6, 2025
Please note: Scheduled maintenance will take place on December 5, from 21:30 UTC to December 6, 00:30 UTC (approx. 3 hrs). During this time, the PeopleForce platform will be unavailable.
Why this is good news for our customers
- Enterprise-grade infrastructure
Google Cloud provides world-class availability, security, and scalability, helping us deliver a faster, more stable, and more future-proof platform. - Improved uptime and performance
With multiple availability zones and autoscaling architecture, your experience will be smoother even during high-load periods. - EU-based hosting, fully GDPR-compliant
All personal data will remain within the EU/EEA under strict data protection controls and audit readiness. - Better reliability for integrations
System traffic will use a static IP, simplifying firewall configurations and avoiding issues with dynamic routing. - Enhanced data durability
We are extending our backup retention to 1 year and ensuring faster recovery options. - Improved file storage
Google Cloud Storage will power faster, more stable uploads and file access — fully integrated into our infrastructure.
What stays the same?
- Your data remains fully hosted within the EU.
- No changes to your service level, contract, or current DPA.
- AWS (SES) and Cloudflare continue to support email delivery and security.
What action do you need to take?
Nothing. This migration is fully managed by the PeopleForce team. If we require IP whitelisting updates or other minor technical adjustments, we’ll contact you in advance.
Processing & Security Measures with Google Cloud
- Data Location: Netherlands (europe-west4) and Belgium (europe-west1)
- Sub-processor list: Learn more
- DPA with GCP: Signed and part of our Master Agreement, fully GDPR-compliant
- Public GCP DPA: Learn more
- Risk and DPIA assessment: Conducted under GDPR Articles 32 & 35
- Security certifications: ISO 27001, 27017, 27018, 27701, SOC 2 Type II
- SCCs & safeguards: Commission Decision (EU) 2021/914 compliant, encryption and access control in place
🔐 How Google Cloud keeps your data secure
As part of our migration to GCP, we benefit from Google’s industry-leading security and compliance infrastructure. Here are key security measures that will now protect your data:
- Data Encryption by Default
- All data is automatically encrypted at rest (AES‑256) and in transit (TLS/HTTPS).
- Internally, Google uses ALTS protocol to secure service-to-service communication.
Learn more
- Reliable Backup & Recovery
- Data backups are encrypted and stored securely, ensuring availability and fast recovery.
Learn more
- Data backups are encrypted and stored securely, ensuring availability and fast recovery.
- Advanced Key Management
- Multiple encryption key options: Google-managed, Customer-managed (CMEK), and externally managed (EKM/CSEK).
Key Management
- Multiple encryption key options: Google-managed, Customer-managed (CMEK), and externally managed (EKM/CSEK).
- Granular Access Controls
- Managed through Cloud IAM with least-privilege access, multi-factor authentication (MFA), and SSO support.
- Based on Google’s BeyondCorp Zero Trust model.
Access Controls
- Logging & Monitoring
- All activity is logged via Cloud Audit Logs.
- Real-time threat detection with Security Command Center.
- Google Access Transparency ensures visibility into any access by Google personnel.
Security Monitoring
- Secret Management
- Secrets like API keys and tokens are stored securely with auto-rotation and granular access rules.
Secret Manager
- Secrets like API keys and tokens are stored securely with auto-rotation and granular access rules.
- Network Isolation & Firewalling
- VPC Service Controls isolate services and prevent unauthorized data movement.
- Internal segmentation and Zero Trust applied to internal communications.
VPC Security
- Physical Security of Data Centers
- 24/7 surveillance, biometric controls, and multi-layered access protocols ensure physical safety.
Data Center Security
- 24/7 surveillance, biometric controls, and multi-layered access protocols ensure physical safety.
- Global Compliance Standards
- Certified for GDPR, ISO 27001/17/18/27701, SOC 2, PCI DSS, and others.
- Regular audits and tools to help us stay compliant.
GCP Compliance Center
🛡 What does this mean for you?
This change has no negative impact on your current agreements or your data protection rights. All data will remain protected under GDPR.
If you would like to request:
- Our DPIA and security documentation
- A full list of current sub-processors
- Additional technical details
Please contact us at: security@peopleforce.io