Does Mailchimp offer EU data residency?
The Rocket Science Group LLC d/b/a Mailchimp (an Intuit company) · Email Marketing · official site ↗
No EU data residencyEU-US DPF + SCCsDPA available
Where does Mailchimp store EU data — and who can touch it?
Mailchimp does not offer EU data residency — data is hosted outside the EEA, and relies on the EU-US Data Privacy Framework plus SCCs for transfers.
Mailchimp hosts all data in the United States with no EU residency option, but certifies to the EU-US, UK and Swiss Data Privacy Frameworks and incorporates SCCs directly into a self-serve DPA.
EU data residency
Can you keep data in the EU?
Mailchimp's help documentation states its headquarters and servers are in the United States, and its DPA confirms data may be transferred to and processed in the US and anywhere else in the world. No EU data-at-rest residency option is offered.
Transfer mechanism
Mailchimp (under Intuit's program) certifies to the EU-US Data Privacy Framework, the UK Extension and the Swiss-US DPF, and incorporates the SCCs directly into its DPA, which automatically forms part of its Standard Terms of Use.
Sub-processors
Who else processes your data?
Mailchimp publishes a sub-processor list (~24 entities including AWS, Google, Microsoft, OpenAI, Twilio, Zendesk). If a customer opts in to notifications, Mailchimp gives at least 10 days' notice before adding/removing a sub-processor; European customers may object within five calendar days on reasonable data-protection grounds. current sub-processor list ↗
Data Processing Agreement (DPA)
Does Mailchimp sign a DPA?
The DPA is incorporated directly into Mailchimp's Standard Terms of Use and requires no signature — using or signing up for an account constitutes agreement. It applies to all customers, including the free tier. DPA ↗
What the trust-badge pages don't tell you
There is no EU-hosting toggle anywhere in Mailchimp: every account's data sits in the US under DPF + SCCs. If EU data-at-rest is a hard requirement, Mailchimp cannot meet it regardless of plan.
$249/moto monitor up to 25 vendors' DPA & residency
≈ $3,000/yr, incl. cited bulk export
≈ $3,000/yr, incl. cited bulk export
Monitor your whole vendor list for DPA & residency changes
The free lookup answers one vendor at a time. Teams running EU vendor intake track dozens and need to know the moment a sub-processor, residency region or DPA term changes. Leave your work email and we'll set up monitoring + a cited export for your list.
Get notified when this changes
Compliance isn't one-and-done. Leave your email and we'll alert you when any vendor's BAA or HIPAA status we cover changes.
Frequently asked questions
Does Mailchimp offer EU data residency?
No. Mailchimp's help documentation states its headquarters and servers are in the United States, and its DPA confirms data may be transferred to and processed in the US and anywhere else in the world. No EU data-at-rest residency option is offered.
Where does Mailchimp send my data, and does it rely on SCCs?
Mailchimp (under Intuit's program) certifies to the EU-US Data Privacy Framework, the UK Extension and the Swiss-US DPF, and incorporates the SCCs directly into its DPA, which automatically forms part of its Standard Terms of Use.
Who are Mailchimp's sub-processors?
Mailchimp publishes a sub-processor list (~24 entities including AWS, Google, Microsoft, OpenAI, Twilio, Zendesk). If a customer opts in to notifications, Mailchimp gives at least 10 days' notice before adding/removing a sub-processor; European customers may object within five calendar days on reasonable data-protection grounds. See the current list at https://mailchimp.com/legal/subprocessors/.
Does Mailchimp sign a GDPR Data Processing Agreement (DPA)?
Yes — The DPA is incorporated directly into Mailchimp's Standard Terms of Use and requires no signature — using or signing up for an account constitutes agreement. It applies to all customers, including the free tier.
Is Mailchimp GDPR compliant?
Mailchimp can be used in a GDPR-compliant way, but compliance depends on your configuration, not just the vendor: Mailchimp hosts all data in the United States with no EU residency option, but certifies to the EU-US, UK and Swiss Data Privacy Frameworks and incorporates SCCs directly into a self-serve DPA. You are the controller — confirm the current DPA, residency and sub-processor terms with The Rocket Science Group LLC d/b/a Mailchimp (an Intuit company) and run a transfer impact assessment before processing EU personal data. This is not legal advice.
Sources
https://mailchimp.com/help/mailchimp-european-data-transfers/
https://mailchimp.com/legal/data-processing-addendum/
https://mailchimp.com/legal/subprocessors/
This page is cited public information, not legal or compliance advice. Whether Mailchimp can lawfully process your EU personal data depends on your plan, configured region, contract and a transfer impact assessment you control. Always confirm current terms with The Rocket Science Group LLC d/b/a Mailchimp (an Intuit company) before sending EU personal data.