Data Residency & GDPR
Choose where your data lives. Every API request, log, and metric stays in the region you select β no exceptions.
πΊπΈ
United States
AWS us-west-2 (Oregon). Optimized for North and South America.
PostgreSQL database (RDS)
S3 request log storage
GPU compute (EC2)
πͺπΊ
European Union
AWS eu-north-1 (Stockholm, Sweden). GDPR-compliant for European users.
PostgreSQL database (RDS)
S3 request log storage
GPU compute (EC2)
How It Works
When you create an account, you choose your data region. From that point on, every API request you make β including input text, compressed output, token counts, and request metadata β is processed and stored exclusively in that region.
Your API keys and billing records also live in your chosen region. No data crosses region boundaries.
GDPR Compliance
For EU customers, selecting the EU region ensures all API data is processed and stored exclusively within the European Union. We process data under the legal basis of contractual necessity.
Analytics and other tracking is disabled for EU users β no behavioral data leaves the EU.
Authentication is handled by Clerk, which processes EU user data in GDPR-compliant European facilities under their Data Processing Agreement.
Your Rights
Under GDPR, you have the right to:
- Access your personal data
- Request deletion of your data
- Export your data
- Correct inaccurate data
- Object to processing
Contact team@thetokencompany.com to exercise any of these rights. We respond within 30 days.
Security
Encryption in transit
TLS on all connections
Encryption at rest
AES-256 on all storage
API key security
Keys are hashed before storage
Network isolation
Database access restricted via security groups
Region Migration
Your data region is selected during signup. If you need to migrate to a different region, contact team@thetokencompany.com and we will assist with the migration.