Data Residency & GDPR
EU-only infrastructure
All Adjudon infrastructure is located in the EU. No customer data leaves the EU.
| Service | Provider | Location | Purpose |
|---|---|---|---|
| Database | MongoDB Atlas | Frankfurt (eu-central-1) | All trace data, audit logs, configurations |
| API Server | Fly.io | Frankfurt | Backend API processing |
| Dashboard & Docs | Cloudflare Pages | EU edge | Frontend delivery |
| Billing | Stripe | Ireland | Payment processing |
| Transactional email | Resend | EU | Auth emails, notifications |
Exception: OpenAI embeddings
Adjudon uses OpenAI embeddings for optional similarity search. Standard Contractual Clauses (SCCs) are in place per GDPR Chapter V. No customer data is returned from OpenAI — only embedding vectors are used for search indexing.
This feature is opt-in. If you require strict EU-only data processing with no exceptions, contact support@adjudon.com to disable it for your organization.
GDPR role
Adjudon is a Data Processor under GDPR Article 28. Your organization is the Data Controller.
A Data Processing Agreement (DPA) is required before using Adjudon in production. The DPA template is available on request — contact support@adjudon.com.
Subprocessors
| Subprocessor | Location | Purpose |
|---|---|---|
| MongoDB Atlas (AWS eu-central-1) | Frankfurt, Germany | Primary database |
| Fly.io | Frankfurt, Germany | API server hosting |
| Cloudflare | EU edge | Dashboard and docs CDN |
| Stripe | Ireland | Payment processing |
| Resend | EU | Transactional email |
| OpenAI | USA (SCCs) | Optional: embedding vectors only |
Data retention
| Plan | Default retention | Configurable range |
|---|---|---|
| Sandbox | 90 days | Not configurable |
| Scale | 90 days | 7–365 days |
| Governance | 90 days | 7–365 days |
| Enterprise | 90 days | 7–3650 days |
For organizations subject to BaFin or similar financial regulation, Adjudon recommends configuring retention to 5 years (1825 days). The technical maximum is 3650 days (10 years).
Right to erasure (GDPR Art. 17)
When a data subject requests erasure:
- The trace payload is nullified — set to
null - The audit log entry shell is preserved — the timestamp, event type, and chain position remain
- The SHA-256 hash chain stays intact — no chain entry is ever deleted
This approach satisfies the Right to Erasure while preserving audit log integrity, which is a competing legal requirement for compliance-regulated organizations.
Data at rest
All data at rest is encrypted using AES-256 (MongoDB Atlas encryption at rest). Encryption keys are managed by MongoDB Atlas and rotated on the standard AWS schedule.
Data in transit
All data in transit is encrypted using TLS 1.2 or higher. The API enforces HTTPS — HTTP requests are rejected.