Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
KeyCDN is a Swiss content delivery network operated by proinity LLC. It accelerates static asset delivery (images, CSS, JS, video) via 35+ global edge points and is appreciated for its simplicity, fair pricing, and EU/Swiss data protection alignment. KeyCDN sets no cookies in the visitor browser by default; it processes IP addresses solely to route requests to the nearest edge and to record access logs.
KeyCDN is a Swiss content delivery network founded in 2012 and operated by proinity LLC from Sarnen (Obwalden, Switzerland). It serves static assets like images, JavaScript, CSS, fonts, and video segments through 35+ globally distributed edge points, with strong European coverage. KeyCDN is appreciated by EU developers for its pay-as-you-go pricing, the simplicity of its dashboard, and its Swiss/EU data protection posture.
For each request to a cached asset, KeyCDN records the visitor IP address, user agent, requested URI, HTTP method, response status, bytes transferred, and timestamp. These are stored in raw access logs that can be downloaded by the customer. No cookies are written to the visitor browser by KeyCDN; the CDN is a stateless reverse proxy.
IP addresses are personal data under GDPR. The processing relies on legitimate interest (Art. 6(1)(f)) as a necessary technical component of website delivery. The ePrivacy Directive consent requirement does not apply because the CDN does not store or read any information on the device. Switzerland is covered by an EU adequacy decision, so transfers to Swiss KeyCDN servers do not require Standard Contractual Clauses.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
For EU visitors, KeyCDN routes requests to the nearest EU PoP (Frankfurt, Amsterdam, Paris, London, Madrid, Milan, Stockholm, Warsaw). The control plane is operated from Switzerland under the adequacy decision. Edge PoPs in the US, Asia, and Oceania serve non-EU visitors. No additional safeguards are required for EU-to-Switzerland transfers; raw logs centralised in Switzerland fall under the same regime.
Sign the KeyCDN DPA, document KeyCDN in the RoPA as a processor, mention KeyCDN and the Swiss adequacy decision in the privacy notice, configure short log retention if granular access logs are not needed, and avoid caching responses that contain personal data of authenticated users (use cache key normalisation and exclude authenticated routes).
Websites using KeyCDN must obtain user consent under GDPR regulations.
DPIA considerations
KeyCDN processes visitor IP addresses (used to route to the nearest PoP and to log accesses) and request metadata (URI, user agent, response status, byte counts). Key DPIA considerations: (1) IP addresses are personal data under GDPR; (2) Switzerland is covered by the EU adequacy decision, simplifying transfers; (3) log retention is configurable, and raw logs can be disabled if not required; (4) edge PoPs outside Switzerland and the EU exist for non-EU visitors, but EU visitors are normally served from EU PoPs; (5) the asset content cached on the CDN can include personal data if you publish such data on the origin site.
Sample consent text
Our website uses KeyCDN, a Swiss content delivery network, to accelerate the delivery of static assets (images, scripts, stylesheets). KeyCDN processes your IP address to route your request to the nearest edge server and to maintain access logs. Switzerland benefits from a European adequacy decision, so the transfer does not require additional safeguards. KeyCDN does not set cookies in your browser.
Third-party domains contacted
keycdn.comwww.keycdn.comkxcdn.com*.kxcdn.comtools.keycdn.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| No cookies set by KeyCDN | N/A | N/A | KeyCDN is a stateless reverse proxy and does not write any cookie to the visitor browser. Cookies received from URLs hosted on the KeyCDN domain originate from the customer origin server passed through the CDN. |
This service may collect user data. Ensure GDPR compliance with FlowConsent.
No. KeyCDN is a stateless reverse proxy. It does not set cookies in the visitor browser. Any cookie the visitor receives from a KeyCDN URL is set by the origin application itself, not by the CDN.
No. There is no storage or access on the device by KeyCDN, so the ePrivacy consent requirement does not apply. The processing of IP addresses for routing and logging relies on legitimate interest under GDPR Art. 6(1)(f).
Legitimate interest (Art. 6(1)(f) GDPR) for the operation of the CDN as a necessary technical component of website delivery. Document this in a short Legitimate Interest Assessment.
For EU visitors, no by default: they are served from European edge PoPs and the control plane is in Switzerland, which benefits from an EU adequacy decision. Non-EU visitors may be served from US, Asian, or Oceanian PoPs, depending on geography.
Generally no. KeyCDN is a low-risk technical infrastructure component. Document it in your RoPA. A DPIA may be relevant if you cache responses containing special category personal data or large amounts of authenticated user content.
Sign the KeyCDN DPA, document it in your RoPA, mention KeyCDN and the Swiss adequacy decision in the privacy notice, set short log retention if granular logs are not needed, and configure caching to exclude authenticated routes with personal data.
EU-friendly CDN alternatives include Bunny CDN (Slovenia), Fastly (US, EU PoPs), Cloudflare (US, EU PoPs), CDN77 (Czech Republic), Gcore (Luxembourg), Frostbyte (EU), Akamai (US, global), and OVHcloud CDN (France).
KeyCDN does not set cookies, so no cookie policy entry is required. Mention KeyCDN in the privacy notice under technical subprocessors, with the Swiss processing location, the adequacy basis, and the DPA reference.