EU-native by design, not by checkbox

Most SaaS tools were built US-first and now have a "EU region" checkbox in a settings panel. Drobek went the other way: EU-resident from day one.

What that means concretely

• Hostinger EU VPS for primary storage *and* SMTP. One vendor for hosting + email reduces sub-processor count.
• Sentry.io EU region for error tracking. DPF-certified processor.
• OpenAI as the only US transfer — under Zero Data Retention. Embedding generation only; knowledge bodies are not logged, not retained, not used for training.
• No payment processor today. The Pro tier is waitlist-only; the Privacy Policy will be updated 30 days before any user is charged.

Why we list this on the homepage

Because EU customers ask. And because procurement is good at spotting the gap between "we care about privacy" and "here is the sub-processor list". The list is on the privacy policy.

Compliance roadmap — honest

drobek is operated by one person. Formal audit certifications (SOC 2, ISO 27001) come once revenue justifies an auditor — not before, and I will not pretend otherwise on a sales call. If a certification is a hard blocker for your team today, drobek is probably not the right fit yet.