Platform Foundation

Data Residency

Canada (Toronto) by default. US data residency available on Enterprise. Backups, logs, and processing stay in the region you choose.

Why this matters for enterprise procurement

PIPEDA, the Canadian privacy commissioner, your provincial health authority, and your enterprise clients' procurement teams all ask the same question: where does the data physically live? FrontLine's default is Toronto, with US residency available on Enterprise — and the answer covers not just primary storage but backups, logs, and processing.

How it's implemented

Region-locked at provisioning, documented down to the egress path

Each tenant is provisioned in a region at signup. All primary data (PostgreSQL), search indexes, object storage (encrypted screenshots, exports, attachments), and background-job queues run in that region. Database backups and point-in-time recovery snapshots stay in-region. Logs and analytics events stay in-region. The only cross-region traffic is outbound transactional email through your configured SMTP relay, and that path is documented and excludable.

Capabilities

What's covered out of the box

Canadian data residency (Toronto region) by default

US data residency available on Enterprise (Virginia or Oregon)

Primary, backup, and analytics data all in-region

Region locked at tenant provision — no silent migration

Encryption at rest using AWS KMS keys in the same region

TLS 1.3 in transit for all client connections

Regional egress documented per data category

Disaster recovery within the same regulatory region

Standards & compliance

Audit-ready artifacts your reviewers can lean on

PIPEDA compliant — Canadian data residency by default
CCPA-aligned for US-region tenants
GDPR readiness for EU residency (roadmap)
SOC 2 Type II — data protection controls

Procurement FAQ

What security and compliance reviewers actually ask

Where exactly is the data stored?+

Toronto (Canada Central region) by default. The Enterprise plan offers Virginia or Oregon (US) regions. Backups and logs stay in the same region as primary data.

Does any data leave the region?+

Outbound transactional email through your configured SMTP relay is the only routine cross-region traffic. That path is documented in the security overview and can be replaced with an in-region relay.

Can we audit data location?+

Yes. The Compliance Dashboard shows the region per tenant and a quarterly attestation of data location is available on request.

How does data residency interact with disaster recovery?+

DR replicas live in the same regulatory region as primary data (e.g., Canada Central → Canada East for Toronto tenants). Failover does not cross the regulatory boundary.

Run this past your security team

We share security overviews, RLS policy DDL, audit-event schemas, and SOC 2 progress on request. Book a 30-minute security review with the founders.

Book a security review Back to the Atlas