Data Residency

Comma Compliance is hosted across Amazon Web Services (AWS) and Microsoft Azure. Both providers maintain the security, privacy, and resiliency certifications expected of regulated industries (including SOC 2, ISO 27001, HIPAA, and FedRAMP at the provider level).

Default region

By default, customer data is stored in the United States, in a two-region Azure deployment with WORM archival in AWS S3 (Object Lock, Compliance mode). All operational data, archival data, and backups remain in-region.

EU residency

EU residency is available on enterprise request. When elected, a dedicated environment is provisioned in Azure EU and AWS EU regions, and all operational data, archival data, and backups remain within EU borders.

EU residency is provisioned at deal time and is not a self-serve toggle. Customers with specific Member State residency requirements should raise these during procurement so the appropriate region pair can be selected.

Cross-region transfer

Customer data does not cross the elected region without explicit customer consent. Support access from outside the region is governed by the access controls described in Security architecture.

Subprocessors

The subprocessor categories listed on the Trust overview apply regardless of region. The named providers within each category may differ between US and EU deployments to maintain in-region processing. A region-specific named subprocessor list is available under NDA.

Document requests

Available under mutual NDA:

• Region-specific subprocessor register
• Standard Data Processing Agreement (DPA)
• Trust Whitepaper (NDA edition)

Contact: Zeeshan Gulzar, CTO/CISO - zeeshan@commacompliance.com