> ## Documentation Index
> Fetch the complete documentation index at: https://docs.medera.info/llms.txt
> Use this file to discover all available pages before exploring further.

# Data Residency

> US, EU, MENA, and customer-VPC residency options.

Medera tenants are pinned to a region at creation and **never cross region boundaries**. Audio, video, transcripts, and PHI columns are stored and processed only in the selected region's infrastructure.

| Region           | Storage                                          | Compute          | Sub-processors         | Notes                   |
| :--------------- | :----------------------------------------------- | :--------------- | :--------------------- | :---------------------- |
| **US (default)** | AWS US-East (Virginia), US-West (Oregon)         | US               | US-only                | Default for new tenants |
| **EU**           | AWS EU-West (Ireland), EU-Central (Frankfurt)    | EU               | EU-only                | GDPR-aligned DPA        |
| **MENA**         | Customer VPC (typical) or AWS ME-South (Bahrain) | Customer / ME    | Per agreement          | Arabic (ar-SA) support  |
| **Customer VPC** | Customer-managed AWS / GCP VPC                   | Customer-managed | Per customer agreement | Enterprise plans        |

## What "never crosses" means

* Audio streams terminate inside the region

* Transcripts and PHI columns are stored only in the region's database

* Backups stay in the region

* LLM inference runs against region-pinned model endpoints

* Audit log replication stays in-region

* Email and SMS (voice carrier) route through regional voice carrier infrastructure where available

## Immutable selection

Region is chosen at tenant creation and is **immutable**.

Migration between regions requires explicit export + re-onboard.

## EU specifics

* AWS EU sub-processor list applies

* Sub-processors are EU-only (Medera reasoning EU endpoints, observability platform EU, error tracking EU, payment processor EU)

* Data Processing Addendum (DPA) under GDPR Art. 28

## MENA specifics

* Customer VPC is the typical deployment for ME-South

* Sub-processor list is per-customer agreement

* Arabic (ar-SA) BH-tuned speech is GA in this region

## Customer VPC

Enterprise tenants can run the Medera stack inside their own AWS or GCP VPC:

* Customer-managed encryption keys (CMK) for the KEK layer

* Customer-managed sub-processors

* Customer-controlled audit replication target

***

## What's next

<CardGroup cols={2}>
  <Card title="Sub-processors" icon="https://mintcdn.com/medera-357fd587/iC-6rAuwl-0aQSw_/icons/ui/link.svg?fit=max&auto=format&n=iC-6rAuwl-0aQSw_&q=85&s=44f5f1ae1b0122daa0138e9f47b49449" href="/compliance/sub-processors" width="40" height="40" data-path="icons/ui/link.svg">
    Per-region sub-processor list.
  </Card>

  <Card title="Encryption" icon="https://mintcdn.com/medera-357fd587/iC-6rAuwl-0aQSw_/icons/ui/lock.svg?fit=max&auto=format&n=iC-6rAuwl-0aQSw_&q=85&s=c9887b4194639a1779d01352d3348ef2" href="/compliance/encryption" width="40" height="40" data-path="icons/ui/lock.svg">
    Keys, rotation, BYOK.
  </Card>

  <Card title="HIPAA" icon="https://mintcdn.com/medera-357fd587/n1mgcc3nR2sq_PoL/icons/ui/shield-check.svg?fit=max&auto=format&n=n1mgcc3nR2sq_PoL&q=85&s=6909d120dcab3cdfef838294f042d00c" href="/compliance/hipaa" width="40" height="40" data-path="icons/ui/shield-check.svg">
    Security and Privacy Rule controls.
  </Card>

  <Card title="BAA / DPA" icon="https://mintcdn.com/medera-357fd587/iC-6rAuwl-0aQSw_/icons/ui/file-text.svg?fit=max&auto=format&n=iC-6rAuwl-0aQSw_&q=85&s=7cc7f358d5e4af95c1bc5110b45a9b68" href="/compliance/baa" width="40" height="40" data-path="icons/ui/file-text.svg">
    Business Associate Agreement.
  </Card>
</CardGroup>
