I maintain several apps that depend on database hosted by a 3rd party provider (Heroku PG, RDS, Compose, etc), is there anything special that should be documented besides how the information comes from the signup web UI and flows into the database hosted in a third party provider/controller? Also, if I hold signup information and IP addresses of EU citizens in such databases in a North America region, do I need to move it to an EU region?
You don't need to move data to an EU region, but you should disclose that data is moved internationally (ie. outside the EU). This is generally done through a "Transfer of Data" clause that looks like this:<p><a href="https://termsfeed.com/blog/wp-content/uploads/2018/03/adobe-privacy-policy-storing-securing-transferring-personal-information-clauses.jpg" rel="nofollow">https://termsfeed.com/blog/wp-content/uploads/2018/03/adobe-...</a><p>An example of consent from VSCO app for EU users to agree that data will be transferred outside the EU:<p><a href="https://termsfeed.com/blog/wp-content/uploads/2017/10/vsco-eu-consent-outside-eu-transfer-clickwrap-box-unchecked.jpg" rel="nofollow">https://termsfeed.com/blog/wp-content/uploads/2017/10/vsco-e...</a>