Skip to main content

Data Residency

HatiData gives you hard guarantees about where your data is processed and stored. Because the data plane (query proxy, query engine, local SSD cache) runs inside your VPC, data never leaves your network or your chosen cloud region. Region selection is made at provisioning time and cannot be changed after deployment without re-provisioning.

Available Regions

Region IDCloudLocationGDPR AdequateData Sovereignty Notes
us-east-1AWSN. Virginia, USANoGoverned by US law. Suitable for US-based customers and non-EU personal data.
eu-west-1AWSDublin, IrelandYesEU/EEA region. Personal data stays within the EEA. Meets GDPR Article 44 adequacy requirement.
ap-southeast-1AWSSingaporeNoPDPA-governed. Suitable for APAC customers subject to Singapore, Indonesia, or Malaysian data regulations.

GCP and Azure deployment targets in the same geographic zones are available for Enterprise customers. Contact sales@hatidata.com for region availability on non-AWS infrastructure.

What Stays in Your Region

The following components are deployed entirely within the selected region. No data crosses a regional boundary:

ComponentLocationData Stored
Query proxyYour VPC, selected regionNo persistent data; stateless process
Query engineSame instance as proxyIn-memory query execution only
Local SSD query cacheSame instance as proxyEncrypted ephemeral cache (LUKS AES-256-XTS)
Object storage (S3 / GCS / Azure Blob)Customer bucket, selected regionParquet data files, audit logs
Audit log storageSame S3 bucket, selected regionJSONL audit entries with 7-year retention

The control plane (authentication, billing, policy management) runs in HatiData's infrastructure. It stores only:

  • Organization metadata (name, tier, plan)
  • User records (email, role, hashed credentials)
  • Policy definitions
  • Anonymized billing metrics (query counts, credit consumption, latency distributions)

No query content, no query results, and no schema information is transmitted to the control plane.

GDPR Compliance

For deployments in eu-west-1, HatiData's architecture satisfies GDPR's geographic processing requirements:

Article 44 (Transfers to third countries): Personal data processed in eu-west-1 stays within the EEA. No cross-border transfer occurs unless you explicitly configure cross-region replication (Enterprise tier only). HatiData does not transfer EU personal data to non-adequate third countries.

Article 28 (Processor obligations): HatiData acts as a data processor. A Data Processing Agreement (DPA) is available on request, covering the required sub-processor list, data subject rights obligations, and security measures.

Article 32 (Security of processing): CMEK encryption, TLS 1.3 in transit, LUKS local SSD encryption at rest, and hash-chained audit logs satisfy the Article 32 technical and organisational measures (TOMs) requirement.

Article 17 (Right to erasure): Customer data is stored in the customer's own S3 bucket. Customers execute data subject erasure requests directly against their storage without any dependency on HatiData.

Selecting Your Region at Provisioning

Region is selected when creating an organization via the API or dashboard:

curl -X POST https://api.hatidata.com/v1/organizations \
  -H "Authorization: Bearer <jwt>" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Acme Corp",
    "cloud_region": "eu-west-1",
    "tier": "cloud"
  }'

The cloud_region value is stored on the Organization record and is used by the cloud provisioner when deploying the data plane into your VPC.

Region is Immutable After Provisioning

Once an organization is provisioned, cloud_region cannot be changed. To move to a different region, provision a new environment in the target region and migrate your data via your storage layer.

Cross-Region Replication (Enterprise Only)

Enterprise deployments can configure cross-region replication for high availability or disaster recovery. This is an explicit opt-in configuration — replication does not occur by default.

# terraform/aws/environments/production.tfvars

enable_cross_region_replication = true
primary_region   = "eu-west-1"
replica_regions  = ["eu-central-1"]  # Frankfurt replica
replication_role = "arn:aws:iam::123456789012:role/s3-replication-role"

When cross-region replication is enabled:

  • Replication occurs only between customer-controlled S3 buckets in customer-chosen regions
  • HatiData infrastructure does not intermediate or inspect replicated data
  • Replication is configured via the customer's S3 bucket replication rules using standard AWS S3 replication
  • Audit logs record replication events for compliance traceability

For GDPR deployments, replica regions must also be within the EEA (e.g., eu-central-1, eu-north-1).

Data Sovereignty FAQ

Q: Where is my data processed? All query processing (parsing, transpilation, execution) occurs within your VPC in your selected region. No query content or results cross regional boundaries.

Q: Can HatiData move my data to a different region? No. HatiData infrastructure has no write access to your S3 bucket or compute resources. Only your IAM principals can move data.

Q: What happens to my data if I cancel? Your data remains in your S3 bucket — it is never deleted by HatiData. The compute resources (proxy instances, Auto Scaling Group, NLB) are terminated on cancellation. Local SSD caches are cryptographically erased using cryptsetup luksErase. No data is retained by HatiData.

Q: Does the audit log stay in my region? Yes. Audit logs are written to your S3 bucket in JSONL format, in the same region as your deployment. S3 Object Lock prevents modification or deletion for the configured retention period (default: 7 years).

Q: Who qualifies as a sub-processor? The only sub-processor is the cloud infrastructure provider in your selected region (AWS, GCP, or Azure). No other third-party services have access to customer data or metadata.

Stay in the loop

Product updates, engineering deep-dives, and agent-native insights. No spam.