We are a US-based company and are compliant with all US regulations. We are compliant with all data residency and data privacy laws in the USA. We are compliant with GDPR. We are compliant with CANSPAM and other regulations. Although from a US perspective, there is no comprehensive federal data protection law, there are sectoral laws relating to data residency/localization or government access to certain types of data. In addition, many of the obstacles that organizations faced with regard to the use of American citizens' data abroad and data transfers to the US were addressed by mechanisms including the EU-U.S. Privacy Shield. However, as a result of the Court of Justice of the European Union’s (“CJEU”) decision in Data Protection Commissioner v. Facebook Ireland Limited, Maximilian Schrems (C-311/18) (“the Schrems II Case”), the EU-U.S. Privacy Shield was invalidated, leaving a significant regulatory gap for data transfers to/from the US.

Our infrastructure platform uses servers and cloud services from AWS, MS Azure, OCI, and others. The data for these services from these vendors are stored at these locations:

InfStones is a multinational organization operating in several countries. Although we are a US-based company, we localize operations to the degree that we are compliant with local laws and regulations in each jurisdiction as a policy for compliance. We do not operate out of or with firms, partners, vendors, suppliers, or contractors in any sanctioned countries:

We do not work with any persons, worldwide, that are sanctioned by the US authorities.