Governance
Data residency, regional processing guarantees, and cross-border data transfer policies.
Data Governance
Skytells operates under strict data governance policies to ensure your data remains in the region where it originates. When you send a prediction request, the infrastructure routing, inference processing, and output delivery all occur within the same geographic region — your data never silently crosses borders.
Regional Processing
When a prediction request reaches the Skytells API, it is routed to the nearest regional inference cluster based on the request origin. The entire prediction lifecycle — input processing, model inference, and output generation — executes within that region.
What Stays Regional
| Data type | Regional guarantee |
|---|---|
| Input data (prompts, uploaded files) | Processed in-memory within the regional cluster. Never transferred to another region. |
| Model inference | GPU workloads execute exclusively on regional compute nodes. |
| Generated outputs | Stored on regional CDN origin storage during the 5-minute retention window. |
| CDN delivery | Outputs are served from edge nodes within the same geographic region. |
What May Be Global
Certain operational data — by its nature — is managed centrally. This data does not include your prompts, inputs, or generated content:
| Data type | Reason |
|---|---|
| Account management | User accounts, authentication, and team management are centralized for consistency. |
| Billing and invoicing | Payment processing runs through a centralized billing system (Stripe). |
| Aggregated analytics | Anonymized, aggregated usage metrics (total requests, average latency by region) for capacity planning. No individual request content is included. |
If your compliance requirements demand that all data — including account metadata — remains within a specific jurisdiction, visit skytells.ai/contact to discuss dedicated regional deployment options.
Supported Regions
| Region | Identifier | Inference | CDN Delivery |
|---|---|---|---|
| United States | us | US-East, US-West | North America edge network |
| European Union | eu | EU-West (Frankfurt, Amsterdam) | European edge network |
| Asia-Pacific | apac | APAC (Tokyo, Singapore) | Asia-Pacific edge network |
Region selection is automatic based on the originating request's geographic location. Enterprise customers can explicitly pin workloads to a specific region via project-level configuration.
Data Sovereignty
Skytells enforces the following data sovereignty guarantees:
| Guarantee | Detail |
|---|---|
| No silent cross-border transfer | Customer content (inputs and outputs) never leaves the processing region unless explicitly configured by the customer. |
| Regional compute isolation | Inference GPU nodes are provisioned and operated within each region. No shared compute pools across regions. |
| Regional storage | CDN origin storage for prediction outputs is regional. Files are not replicated to other regions. |
| Compliant transfers only | Where central services require transfer of operational metadata (billing, account info), transfers comply with applicable frameworks — EU SCCs, UK IDP Addendum, or recognized adequacy decisions. |
| Subprocessor transparency | All subprocessors and their processing locations are documented and available upon request. |
Cross-Border Data Transfers
For data that requires centralized processing (account management, billing), Skytells relies on the following legal mechanisms:
| Framework | Scope |
|---|---|
| EU Standard Contractual Clauses (SCCs) | Transfers of personal data from the EEA to non-adequate countries. Incorporated into the Skytells DPA. |
| UK International Data Transfer Addendum | Transfers from the UK under post-Brexit requirements. |
| Adequacy decisions | Where the European Commission or UK Secretary of State has recognized a country as providing adequate protection, transfers proceed under that recognition. |
What Is NOT Transferred Cross-Border
Regardless of legal mechanism, the following data categories never leave the processing region:
- Input prompts and parameters
- Uploaded files (images, reference material)
- Generated outputs (images, audio, video)
- Inference logs or GPU telemetry
Compliance by Region
| Regulation | Region | How Skytells Complies |
|---|---|---|
| GDPR | EU / EEA | Regional processing in EU clusters. DPA with SCCs available. Right to deletion honored within 30 days. |
| UK GDPR | United Kingdom | EU infrastructure with UK IDP Addendum. |
| CCPA / CPRA | California, USA | No sale of personal data. Deletion and access rights supported. |
| LGPD | Brazil | Data minimization and purpose limitation enforced. DPA available. |
| PIPEDA | Canada | Consent-based processing. Data access and correction rights supported. |
| APPI | Japan | Adequacy decision recognized. Regional processing available via APAC cluster. |
| Privacy Act 1988 | Australia | APAC processing. Data breach notification obligations met. |
Enterprise Governance
For organizations with strict regulatory requirements, Skytells offers:
| Feature | Description |
|---|---|
| Dedicated regional deployment | Pin all workloads — including account management — to a single jurisdiction. |
| Custom DPA | Tailored Data Processing Addendum reflecting your specific regulatory obligations. |
| Subprocessor notifications | Advance notice before any subprocessor change takes effect, with the right to object. |
| Audit rights | Contractual right to audit Skytells data handling practices or review third-party audit reports (SOC 2, ISO 27001). |
| Data residency attestation | Written confirmation of where your data is processed and stored. |
Visit skytells.ai/contact to discuss governance requirements for your organization.
Related
- Security — Secure by Design — Encryption, authentication, and infrastructure security.
- Security — Data Retention — Retention timelines and automatic purging.
- Privacy — Your Data — What data Skytells collects and your rights.
How is this guide?