Data Residency
Transparency about where your data is stored, processed, and how it flows through our infrastructure.
Last updated: January 2025
At a Glance
Primary Region
United States (US East)
Encryption
TLS 1.3 in transit, AES-256 at rest
Infrastructure
SOC 2 Type II certified providers
On This Page
Current Infrastructure
All customer data is currently processed and stored in the United States. We use enterprise-grade infrastructure providers that maintain SOC 2 Type II certification and implement industry-leading security practices.
Application Hosting
Vercel - Global edge network with primary compute in US East
- - SOC 2 Type II certified
- - ISO 27001 certified data centers
- - Global CDN for static assets
Database
Neon PostgreSQL - US East (AWS us-east-1)
- - SOC 2 Type II certified
- - AES-256 encryption at rest
- - Point-in-time recovery
Authentication
Clerk - US-based identity provider
- - SOC 2 Type II certified
- - Enterprise SSO support
- - MFA capabilities
Payments
Stripe - US-based payment processor
- - PCI DSS Level 1
- - SOC 2 Type II certified
- - Card data never touches our servers
Service Providers & Locations
Complete list of sub-processors and their data processing locations. All providers are bound by Data Processing Agreements and maintain appropriate security certifications.
Vercel Inc.
Application hosting, CDN, edge functions, serverless compute
Data processed: Application code, static assets, serverless function execution, access logs, IP addresses
Edge network spans 18+ regions globally for optimal performance
Neon (Neon, Inc.)
PostgreSQL database hosting
Data processed: All application data including user records, business data, transactions, audit logs
Data encrypted at rest with AES-256, in transit with TLS 1.3
Clerk, Inc.
Authentication, identity management, SSO
Data processed: User credentials, email addresses, profile data, session tokens, MFA secrets, authentication logs
Stripe, Inc.
Payment processing, subscription billing, invoicing
Data processed: Payment card details (tokenized), billing addresses, transaction history, subscription status
Card numbers never touch our servers - handled entirely by Stripe
Resend, Inc.
Transactional email delivery
Data processed: Email addresses, email content, delivery status, engagement metrics
Sentry (Functional Software, Inc.)
Error tracking, performance monitoring
Data processed: Error stack traces, performance metrics, user context (configurable), device info
PII scrubbing enabled to minimize personal data collection
Cloudflare, Inc.
DNS, DDoS protection, WAF (via Vercel)
Data processed: DNS queries, HTTP request headers, IP addresses for routing
Twilio Inc.
SMS messaging and notifications
Data processed: Phone numbers, SMS content, delivery status, messaging logs
Data Flow Diagram
Visual representation of how data flows through our infrastructure and between service providers.
Infrastructure Overview
User
Browser
Vercel
Application Server
US East
Resend
Sentry
Monitoring
Neon
PostgreSQL
US East
Clerk
Authentication
US
Stripe
Payments
US
All Data Encrypted
TLS 1.3 encryption for all data in transit. AES-256 encryption for data at rest. Card payment data is tokenized and never stored on our servers.
Authentication Flow
From: User Browser
To: Clerk (US)
Encryption: TLS 1.3
Authentication handled entirely by Clerk
Application Data
From: Vercel (US)
To: Neon PostgreSQL (US)
Encryption: TLS 1.3 + AES-256 at rest
Payment Processing
From: User Browser
To: Stripe (US)
Encryption: TLS 1.3
Card data never touches our servers
Email Delivery
From: Vercel (US)
To: Resend (US)
Encryption: TLS 1.3
Error Monitoring
From: Vercel (US)
To: Sentry (US)
Encryption: TLS 1.3
PII scrubbing enabled
Vercel Configuration
Our application is hosted on Vercel's enterprise infrastructure. Here's how our deployment is configured:
Serverless Functions
- Region:
iad1(US East) - Runtime:
nodejs20.x - Serverless functions run in US East by default
Edge Functions
- Status: Enabled
- Edge functions execute at the nearest edge location to the user
Edge Network Locations
Washington, D.C.
US(Primary)
San Francisco
US
Paris
FR
London
GB
Tokyo
JP
Sydney
AU
São Paulo
BR
Singapore
SG
Static Assets
Static assets (images, CSS, JavaScript) are distributed across Vercel's global edge network and served from the location nearest to each user for optimal performance.
International Data Transfers
For customers in the European Union, United Kingdom, or other regions with data transfer restrictions, we implement the following safeguards:
EU to US Transfers
- Primary: Standard Contractual Clauses (SCCs)
- Secondary: EU-US Data Privacy Framework
Additional measures:
- - All sub-processors have signed SCCs
- - Transfer Impact Assessments conducted
- - Supplementary measures implemented per Schrems II
UK to US Transfers
- Primary: UK International Data Transfer Agreement (IDTA)
- Secondary: UK Extension to EU-US Data Privacy Framework
Available & Planned Regions
Currently Available
United States
US East (N. Virginia)
Planned Regions
European Union
EU West (Ireland)
European Union (Germany)
EU Central (Frankfurt)
Asia Pacific
Asia Pacific (Singapore)
Timeline subject to change based on customer demand and regulatory requirements.
Enterprise Data Residency
Custom Data Residency Options
Enterprise customers with specific data residency requirements can work with our team to explore:
- Dedicated regional deployments (EU, UK, APAC)
- Data isolation guarantees
- Custom data processing agreements
- Compliance documentation and audit support
Need Custom Data Residency?
Contact our sales team to discuss your specific requirements.
Contact Sales