DATA RESIDENCY
Where your data lives
All customer data is stored in the EU by default. This page describes exactly which infrastructure services we use, where they run, and what options enterprise customers have for stricter residency requirements.
Standard infrastructure posture
By default, all customer data is stored and processed within the EU. The following services handle customer data.
| Database | Neon PostgreSQL — Frankfurt, Germany (AWS eu-central-1). All application data, user data, audit logs, and AI outputs. |
| Application hosting | Vercel — compute region fra1 (Frankfurt). Edge cache nodes serve from nearest PoP; data is pinned to Frankfurt. |
| Transactional email | Resend — EU region (Dublin, Ireland). Handles login links, export notifications, and system alerts. |
| Error monitoring | Sentry — EU region (Germany). Stack traces and error context. PII scrubbing applied via beforeSend hook. |
| Product analytics | PostHog — EU cloud instance (eu.posthog.com, Frankfurt). User interaction events. No PII in event properties by default. |
| AI observability | Langfuse — EU cloud (Frankfurt). LLM call logs, prompt versions, evaluation results. |
AI / LLM compute location
| Standard | Anthropic Claude (Haiku, Sonnet, Opus) via API — US region. Anthropic does not yet offer an EU-region API endpoint. |
| EU-only customers | Azure OpenAI Service — Sweden Central or Germany West Central. Available on request for customers with EU-only data residency requirements. |
| SCC coverage | Standard Contractual Clauses (SCCs) are in place for Anthropic (US transfer). Prompts contain only workspace metadata and application attributes — no user PII. |
| Model training opt-out | Enforced via API agreement with Anthropic. Customer prompt data is not used to train models. |
| Zero data retention | Configured with Anthropic API. Prompts and completions are not retained by Anthropic beyond the request lifecycle. |
| On-premises / BYOK | Planned — no runtime support yet. Enterprise customers may supply their own Anthropic or Azure OpenAI API key today (BYOL). |
Data residency policy (Atlas product feature)
Atlas supports a per-workspace data residency policy with three tiers. This controls which AI providers can be invoked for that workspace.
eu_onlyEU-only
All AI inference must use an EU-region endpoint. Anthropic (US) is blocked; Azure OpenAI EU is used instead. Enforced at the AI routing layer.
Available on requestus_okUS OK (default)
AI inference may use Anthropic Claude (US region). SCCs and zero-retention agreements are in place. Suitable for most mid-market EA teams.
Default for all workspaceson_premOn-premises
All AI inference runs on customer-supplied infrastructure. Requires BYOK or private cloud deployment. Runtime support under planning — not yet generally available.
Under planningPolicy is configurable under Atlas → Settings → Workspace. All policy changes are logged in the workspace audit log.
Sub-processors
The full sub-processor list with data categories, regions, and DPA links is maintained separately.
View sub-processor list →SCCs and GDPR-aligned transfers
| Role | Spekir operates as a data processor under GDPR. You are the data controller. |
| SCCs | Standard Contractual Clauses are in place for all non-EU sub-processors (currently Anthropic, Inngest). |
| DPA | A Data Processing Agreement is available on request. Email hello@spekir.com. |
| Supervisory authority | Datatilsynet (Danish Data Protection Authority) — datatilsynet.dk |
| What we do not claim | We do not claim GDPR compliance as a certification — no such certification exists. We claim GDPR-aligned operations: documented processes, DPA chain, and right-to-erasure implemented. |
Questions about data residency?
Procurement teams and legal reviewers often need a DPA, sub-processor notifications, or a custom residency configuration. We respond within two working days.
Talk to us about EA →