Forkin
2026 m. gegužės 27 d.

Why Forkin keeps core food data on European infrastructure

Many food and nutrition apps rely on US-headquartered infrastructure. Forkin keeps core app data on European infrastructure and publishes the processor list so you can inspect the trade-offs.

Forkin is a European company, and core app data is stored on European infrastructure. That is a deliberate engineering and legal choice, and it is one structural difference between us and many large apps in this category.

If you log what you eat, what you don't eat, what your kids eat, what your pet eats, what your skin reacts to, or what your doctor told you to avoid — that's sensitive personal data under EU law. Under GDPR Article 9, data about your health, diet, religious beliefs (halal, kosher), or even your political views deserves a higher level of protection than your shopping habits. So we built around it.

The US CLOUD Act, in one paragraph

The Clarifying Lawful Overseas Use of Data Act (passed in 2018) is one reason privacy teams look beyond physical server location. In some circumstances, US-headquartered service providers can be required to produce data they control, even when that data is stored outside the United States. That does not mean every Europe-hosted service has the same risk profile; it does mean processor ownership and legal jurisdiction matter.

The Schrems II ruling by the Court of Justice of the EU (2020) is part of that backdrop. It made clear that international transfers and foreign-government access risks need real technical and contractual controls, not just a checkbox in a privacy policy.

What this means for your favourite "EU" food app

Open the privacy policy of many nutrition apps and you will see large cloud providers, analytics SDKs, advertising networks, or crash tools. Some are US-headquartered. That may be acceptable for many products, but food, dietary, allergen, and body-related data deserves a narrower core processing path.

If you scan halal products, that's a religious preference. If you log Crohn's-friendly meals, that's a health condition. If you track your child's allergies, that's a minor's medical data. None of this is something you'd casually want disclosed under a sealed warrant in another jurisdiction.

How we built around it

Forkin keeps core app hosting and storage on European infrastructure. Here is the core stack:

  • Compute & storage: Hetzner Cloud (Germany) — EU-headquartered, no US parent, ISO 27001.
  • GPU inference: Hyperstack (UK/EU) — regional GPU capacity for selected workloads.
  • CDN & edge: Bunny.net (Slovenia) — EU-headquartered, EU-only routing for our zone. We migrated off Cloudflare in 2026 for exactly this reason.
  • VLM / LLM inference: Scaleway Generative APIs (France) — French cloud on France's low-carbon grid (nuclear + renewables); Scaleway publishes its environmental footprint.
  • Email: Brevo (France) — French SMTP relay, French data residency.
  • Error monitoring: Sentry EU region (Germany) — ingest.de.sentry.io, EU-only ingest.
  • Analytics: PostHog EU region (Frankfurt) — eu.i.posthog.com.

Some services sit outside that core hosting path. Payments are processed by Stripe as Merchant of Record so we don't see your card. Apple Sign In and Google Sign In are platform identity providers. App-store distribution, payment, and account-recovery flows can involve their own providers and legal regimes; our processor list explains the current setup.

"Doesn't GDPR already cover this?"

GDPR sets the baseline: lawful processing, minimisation, security, processor contracts, transparency, and your rights. Infrastructure choices are another layer. They cannot remove every legal or operational risk, but they can reduce unnecessary exposure for the core data we control.

If you ever want to know exactly what's stored about you, request it: every Forkin account can export everything in a machine-readable format (Article 20 portability), and you can permanently delete the account from inside the app (Article 17 erasure). Both endpoints are live, not "coming soon."

The honest trade-off

European infrastructure is often more expensive per request than the biggest hyperscalers, and smaller providers ship fewer ready-made AI primitives than AWS or Google Cloud. That's a real cost for us. The reason we accept it is that this category — what people eat, what their kids eat, what they're allergic to — deserves cautious defaults.

If you're choosing between food-scanning apps and you care about this, the question to ask isn't only "do you have GDPR-compliant privacy policies?" The better question is: "Where is my core data stored, which processors touch it, and what do they use it for?"

Our answer is published in our privacy policy and sub-processor list, and we keep it current as the system evolves.

Read our methodology · Privacy policy · Our mission