Data Residency
Where AuthorityRail processes and stores customer data, today and on roadmap.
Last revised: 2026-05-17 · Version v1.0
Today — US primary processing
All AuthorityRail data processing and storage occurs in the US (us-east-1 / us-east4):
- Supabase (data plane, CAR ledger, signing keys, tenants, API keys, policy registry) — us-east-1
- Railway (compute — gate, customer-api, verify, internal-ops, billing) — us-east4
- Stripe (billing) — US primary, EU residency for EU customer subscriptions
- Cloudflare (CDN edge) — global edge POPs serve content; processing is US-primary
Customer export — available on all tiers
Customers can export their data at any time:
- CARs — full ledger export via customer-api authenticated endpoint. JSON envelope, locally verifiable with public Ed25519 key.
- API keys metadata — list, scope, last-used timestamps. Key material itself is hashed at rest and cannot be exported.
- Authority Decisions audit log — full per-tenant decision history.
- Usage events — for billing reconciliation.
Export is initiated from the customer dashboard (when wired) or via API. There is no per-export fee on any subscription tier.
Data lifecycle
- Active data — retained for the duration of the customer subscription.
- Certified Action Records (CARs) — retained for 7 years by default to support regulatory and audit obligations.
- Customer deletion — on customer request via [email protected], AuthorityRail deletes non-CAR customer data within 30 days. CARs are retained per the 7-year obligation unless the customer requests an explicit purge with a documented regulatory basis.
- Account closure — 30-day data retention grace period before final deletion (so customers can recover from accidental closure).
Backups and recovery
- Supabase managed backups on the AR-managed project.
- Point-in-Time Recovery (PITR) targeted for activation per Sprint Closure #5 once the project is upgraded to the Pro tier.
- Disaster recovery runbook published at /trust/incident-response with RTO / RPO targets.
Roadmap — EU data residency
Planned H2 2026, demand-gated. EU data residency requires a separate Supabase project in the EU region, a separate Railway environment in an EU region (or AWS Frankfurt / GCP europe-west), separate signing keys, and an EU-routing layer on the gate.
The investment is justified by the first 3 EU customers with documented EU residency requirements. Until then, EU customers are served from US infrastructure with SCCs in place.
If you are an EU buyer with EU-residency as a procurement requirement, please contact [email protected] — your inquiry directly accelerates the roadmap.
Cross-border transfers
For customer data originating in the EU, UK, or Switzerland: Standard Contractual Clauses (SCCs) are in place with US sub-processors per the Sub-processor Disclosure. Transfer impact assessments are available on request via the Data Processing Addendum.