Schrems II compliance of Sanity's CDN for procurement processes in EU

Last updated: Oct 26, 2022
Hi, has anyone experience in procurement processes where Sanity has been used as the main database in EU? If so, wonder if Sanity is classified as the Cloud Service Provider, or if this is Google Cloud as the underlying infrastructure?
Oct 21, 2022, 8:27 AM
user Q
Are you asking concerning Schrems II compliance of Sanity?
Oct 24, 2022, 1:07 PM
Yes indeed,
user J
– if you have any more info, it could be helpful
Oct 25, 2022, 9:06 AM
I will get things for you…
Oct 25, 2022, 5:27 PM
CDN Access Logs
The CDN has edge nodes across the globe, but even if a request is routed via US infrastructure (e.g. a request originating in the US that is routed to an edge node in the US, because it is geographically closest), all access logs are stored in Europe. This is the most important thing to note: no access logs are ever stored in the US.
In addition to that, no requests originating in Europe should ever be routed to the US. They will instead be routed to a nearby edge node.
“anycast” IP addresses
The CDN uses “anycast” IP addresses, which means a single IP represents multiple servers across the globe. *It is a red herring that testing tools indicate these requests are routed to the US.*
There is no definitive way to determine the geographical location of a server based on an IP address. When reporting location information, tools will often fall back to where the company that owns the IP address is registered. Another cause of inaccuracy is that the test itself will be dynamically routed to the closest server: if the tool conducts testing from a server located in the US, it will be handled by infrastructure in the US.

There is a technical way we can investigate how CDN requests originating in Europe are being routed.
is a tool to inspect the route a request takes through the network. Requests make multiple “hops” on the way to their final destination, and
reports the duration each hop takes. Here is an example of a
from my office in the UK; the output shows the IP address of each network hop and, more importantly, the duration of time each hop took. A transatlantic hop would take at least 70ms, but we can see each hop is well below that. We can therefore determine that the request is not being routed to the US. If you run a
from your location, you should see similar results.
Services built on Sanity’s CDN are Schrems II compliant because:
• No access logs are ever stored in the US.
• Requests originating in Europe are routed to CDN edge nodes that are also located in Europe.
Oct 25, 2022, 5:28 PM
Thank you so much,
user J
, really appreciate it!
Oct 26, 2022, 9:29 AM
I know how it is to navigate EU rules and we did a lot of experiments
Oct 26, 2022, 9:34 AM

