Why EU Residency Matters
Data Sovereignty
Your jurisdiction, your rules
When your data is in the EU, it's governed by EU law. GDPR provides some of the world's strongest data protection rights.
No third-country uncertainty
Data transfers to countries without adequate protections create legal complexity and risk. Keep it simple: keep it in the EU.
Corporate governance
Many organizations require EU data residency for compliance with internal policies, customer contracts, or regulatory requirements.
Privacy as a Right
GDPR protection
Right to access, correct, erase, port your data, and object to processing.
Privacy by design
Repolaris is built with privacy as a core principle, not an afterthought.
Trust and Transparency
Clear data location
Know exactly where your data is. No ambiguity, no surprises.
Transparent operations
Documented subprocessors, clear data flows, accessible policies.
Our Infrastructure
Primary Region
Amsterdam, Netherlands
- Operated by Scaleway
- State-of-the-art facility
- High availability design
- Renewable energy
Backup Region
Paris, France
- Geographic redundancy
- Automated failover
- Disaster recovery
No Third-Country Transfers
EU-only processing
All data processing happens within the European Union. We do not transfer data to countries outside the EU/EEA.
EU-based subprocessors
All our subprocessors that handle customer data are located in the EU.
No US parent company
Repolaris is a European company. We're not subject to US jurisdiction requirements that might compel data disclosure.
Data Protection
At Rest
- AES-256 encryption
- Keys managed in EU infrastructure
- Customer-managed keys available (Enterprise)
In Transit
- TLS 1.3
- EU-based certificate authorities
- No data exposure during transfer
Access Controls
- Minimal employee access
- All access logged
- Regular access reviews
Why Choose EU-Based
| Concern | US-Based Providers | Repolaris |
|---|---|---|
| Data location | Often unclear | Always EU |
| CLOUD Act exposure | Yes | No |
| GDPR enforcement | Complex | Native |
| Schrems II compliance | Requires SCCs | N/A (EU-only) |
| FISA concerns | Yes | No |
The Schrems II Problem
The Schrems II ruling invalidated the EU-US Privacy Shield and raised questions about data transfers to the US. With Repolaris:
- • No data transfers outside EU
- • No reliance on Standard Contractual Clauses for US transfers
- • No supplementary measures needed for US jurisdiction
Enterprise Controls
Dedicated infrastructure
Single-tenant deployment in the region of your choice.
Customer-managed encryption
Bring your own encryption keys. You control access.
Air-gapped deployment
Fully isolated environment with no external network access.
Private connectivity
VPN or private link connections to your Repolaris instance.
Frequently Asked Questions
Where exactly is my data stored?
Your data is stored in Scaleway data centers in Amsterdam (primary) and Paris (backup). Both are in the EU.
Do you transfer any data outside the EU?
No. All data processing happens within the EU. Our subprocessors are all EU-based.
What about your employees?
Our team members who may access customer data are located in the EU and work under EU employment and data protection law.
Can I get single-tenant EU hosting?
Yes. Enterprise customers can have dedicated infrastructure in their preferred EU region.
What if I need data in a specific EU country?
Enterprise customers can select specific regions. Contact sales to discuss requirements.
How do you handle government requests?
We comply with valid legal process from EU authorities. We challenge requests we believe are unlawful. We notify customers when legally permitted.
Resources
Documentation
Contact
- Privacy questions: privacy@repolaris.io
- DPO contact: dpo@repolaris.io
- Enterprise: enterprise@repolaris.io