Data Residency

Where Aegean stores Customer personal data, why we picked that location, and what happens when data has to move.

Primary data residency

All Customer personal data processed by Aegean is stored within the European Union / European Economic Area. Specifically:

  • Production application + database + object store: Contabo VPS, Frankfurt, Germany.
  • Development / pre-production environment: Hetzner Online VPS, Falkenstein, Germany. No Customer production data lives here; it carries developer-test traffic only.
  • Off-host backups: encrypted backups of Postgres + DKIM keys, stored on a separate EU-resident destination for resilience.
  • Outbound mail relay: a bundled Postfix container that runs alongside the application on the same VPS, so it is in the same region as the application servers.

No replicas, read replicas, or asynchronous mirrors exist outside the EU/EEA.

Cross-border transfers

The only data flows that may cross the EU/EEA boundary are:

  • Customer-configured webhook deliveries — if your webhook URL resolves to a non-EU server, data is transferred to that destination. You choose where your webhooks point, so the transfer mechanism is your responsibility.
  • SMS carrier (engaged at SMS feature activation only) — see the subprocessors page. Where the carrier’s primary processing is outside the EU, Standard Contractual Clauses (Commission Decision 2021/914) are in place.

What you can verify

  • DNS resolution of api.aegeanengine.com and console.aegeanengine.com returns IP addresses in the declared region (Contabo Frankfurt).
  • The TLS certificate is signed by a publicly-trusted CA; you can validate the chain.
  • On request and subject to reasonable security review, Aegean will provide a tenant data-flow diagram during the audit window allowed under the Data Processing Agreement.

What changes trigger a residency notice

  • Adding a new physical region (even if EU-resident).
  • Changing primary infrastructure provider.
  • Onboarding a non-EU subprocessor.

Each of these triggers the 30-day notice procedure described on the subprocessors page.

Why we chose this posture

Aegean’s primary customer base is EU-resident. EU-only residency means:

  • No Chapter V transfer-mechanism overhead for the bulk of customer data.
  • No “Schrems II” exposure — data that never leaves the EU isn’t reached by the ECJ’s Privacy Shield invalidation.
  • Lower latency for EU customers.
  • A clear procurement answer to “where is our data?”.

The trade-off is that non-EU customers may experience higher latency. We accept that until non-EU customer demand justifies a second region; multi-region adds significant operational complexity (data partitioning, residency-aware routing, separate replication chains) and is a roadmap item rather than a near-term commitment.