General Data Protection Regulation

BunnyCDN is fully committed to complying and helping you comply with the GDPR.

What is GDPR?

General Data Protection Regulation (GDPR) is a new EU regulation designed to harmonize data privacy laws across Europe and enforce much stricter privacy regulations. It was designed to better protect user privacy and reshape how organizations handle personal data.

Does it apply to me?

GDPR applies to any company, website or organization worldwide that deals with personal data from residents of the European Union. If your company processes, stores or transmits personal data of EU residents, you will be required to comply with the new regulations.


Due to the global nature of BunnyCDN, it is likely that GDPR will affect you in some way, so we advise all of our users to thoroughly study the new GDPR regulations. BunnyCDN is fully committed to help you with compliance, so we are rolling out anonymity features before May 25th 2018 and making sure no user identifiable data is collected or processed whenever possible.


Data Processor (BunnyCDN)

BunnyCDN typically acts as a data processor, which means that we process data on your behalf. BunnyCDN allows you to gather and temporarily store visitor log information such as anonymised IP, web address, country code and user agent for the purpose of analyzing, processing, testing and security. Additionally, our system stores either temporarily or permanently files obtained from your website by our system our manually uploaded by you.

In most cases, the data held and collected by BunnyCDN does not contain any user identifiable data. In some cases, which depend on how you are using BunnyCDN and how your website is structured, personal data may be collected from your users. Such information includes hosting user uploaded content as well as personal data that might be transmitted in the URL, User-Agent or Referer headers of the HTTP protocol.

Data Controller (You)

As a customer of BunnyCDN, you typically act as a data controller. This means you determine if, why and for how long data will be stored on our system. Our system provides ways to process, store and aggregate the stored information. If you are storing personal data on BunnyCDN it is your duty as a controller to demonstrate the same level of GDPR compliance.

While uncommon, BunnyCDN also provides way to block users from the EU from accessing your content altogether by using our traffic manager tools if you do not wish to serve users from the European Union.

Data Processing Agreement (DPA)

Typically, BunnyCDN does not collect, store or distribute information that could be used in any way to identify a user or contain their personal information. If you believe that you process personal data on the BunnyCDN platform, this qualifies you as a data processor and you will be required by law to complete a Data Processing Agreement (DPA). We are making sure to make this available by May 25th, so please contact our support team to receive the agreement.

How does BunnyCDN comply with GDPR?

BunnyCDN is fully committed to complying with the GDPR. We have overhauled our user Privacy & Data policy and taken steps to ensure no personally identifiable data is stored from your users that access your services through BunnyCDN by anonymizing any data that could be used to directly or indirectly identify a user. We are also signing the Data Processing Agreements with our partners and carefully overviewing that they take the required privacy measures over the data shared or stored on their platforms.