Appearance
Data residency
Data residency describes where data is stored or processed. Evaluate sovereignty, certification, support access, and subprocessor activity as separate requirements.
Current deployment
Dataplicity's core production control plane and durable customer data stores are deployed in AWS US East (N. Virginia), us-east-1. Remote-access services can use deployment capacity in the United States and Europe.
Core organisation data uses the US deployment, and remote-access routing can use the primary US service region. Customer-selectable region pinning is not currently available.
Therefore:
- United States: default location for core production service data
- Europe: available for regional remote-access capacity where enabled; confirm active routing and any EU-only requirement in writing
For EU-only or US-only handling, ask Dataplicity to confirm the exact data categories, services, subprocessors, routing, backup locations, support access, and contractual terms before purchase or deployment. Put the required region commitment in your signed agreement.
Data categories and location considerations
| Data category | Current deployment | Routing and processing considerations |
|---|---|---|
| Account, organisation, customer, and device records | Stored in the US core production database | Data can be viewed by authorized support personnel and sent to integrations when requested |
| Audit, monitor, incident, and operational records | Stored with the US control plane | Customer-configured exports can create additional copies in the customer's systems |
| Device and service logs | Ingested and retained in US production logging services by default | Retention differs by log stream; exports and alert integrations follow the destination selected by the customer |
| Remote terminal, file, fleet, and AI-assisted command records | Routed through remote-access and control-plane services; retained command metadata, job results, or bounded audit output is stored with the US control plane | Network transit may use regional infrastructure; device-side files remain on the device until requested or transferred |
| Uploaded files, firmware, documentation, and generated artefacts | US object storage in the current production environment | Public delivery can use content-delivery infrastructure and caches outside the origin region |
| Backups and disaster-recovery copies | Database backups and configured backup copies are in the United States | Backup retention varies; no public contractual RTO or RPO is claimed |
| Billing and payment data | Core subscription references can be stored in the US control plane | Billing and payment providers process data under their own regional and contractual arrangements |
| Support communications | Relevant account, diagnostic, and correspondence data can be handled in support systems | Provider locations, support personnel locations, and lawful access can cross regions |
| Analytics and product communications | Limited account and usage data can be sent to configured analytics or communications providers | Provider routing and retention apply |
| AI assistant input and output | Conversation and audit records can be stored with the US control plane | Model processing can use provider-managed or cross-region capacity; no EU-only AI processing guarantee is claimed |
Encryption and regional controls
The current production database, object storage, and backup vaults use encryption at rest. Public service connections use TLS in transit. Encryption does not by itself make data resident in a region, and a regional origin does not prevent authorized cross-border access or provider processing.
Core production backups are configured separately from the live database, including copies to a dedicated backup account in the same US region. This improves recovery isolation but is not a formal recovery objective or a guarantee that every service category has identical backup coverage.
Third parties and subprocessors
Dataplicity uses third parties for core cloud hosting and can use providers for billing, payment, email, support, analytics, security monitoring, and AI processing. These services can process limited data outside the core hosting region. Customer-enabled integrations can also send data to destinations selected by the customer.
Contact support@dataplicity.com to request the current subprocessor list, a data processing agreement, or a review of a specific transfer requirement.
Contractual status
This page describes the currently verified technical deployment and is not a contractual residency commitment. Region pinning, geographic support restrictions, subprocessor limits, data-return or deletion terms, and regulatory requirements must be stated in a signed agreement to be binding.
Changes to architecture, providers, and routing can change the technical footprint. Confirm time-sensitive residency requirements during the security review process.