Swif.ai offers EU data residency so that organizations with strict GDPR and Schrems II requirements can keep their MDM data stored and processed in the European Union.
This article explains how EU data residency works in Swif.ai, what data is stored in the EU, and how this supports your compliance needs.
For a high-level overview, see our EU Data Residency page: EU Data Residency
Who is this for?
EU data residency is designed for customers who:
Require that customer data is hosted in the EU (e.g., to reduce Schrems II risk)
Have internal or external auditors reviewing data location and processor chains
Need to demonstrate that logs, backups, and operational data remain within EU boundaries where feasible
If your minimum requirement is “data must be hosted in the EU,” Swif.ai’s EU region is built to meet that need.
What is EU data residency in Swif.ai?
When you use Swif.ai in the EU region:
Customer data is stored in EU-based infrastructure
Core service data and key metadata are processed within the EU where feasible
Sub-processors and infrastructure providers are limited to GDPR-adequate jurisdictions
Logs and backups for EU tenants remain within EU data-residency boundaries
Swif.ai acts as a data processor under GDPR, and you (the customer) remain the data controller for personal data processed via our MDM platform.
Data storage and processing locations
For customers onboarded to the EU region:
Your Swif.ai tenant is provisioned in EU-based infrastructure
Primary customer content and key metadata are processed within the EU
Data processing locations are restricted to GDPR-adequate regions
Swif.ai does not transfer EU customer data outside the EU except where strictly necessary for limited operational purposes (for example, specific support or security operations), and then only with appropriate safeguards in place.
Sub-processors and third‑party services
To deliver the EU service, Swif.ai uses a small set of carefully vetted sub‑processors. For EU customers:
Sub‑processors are vetted for security and compliance
Data processing locations are restricted to GDPR-adequate jurisdictions
Swif maintains a documented list of sub‑processors
Changes to sub‑processors follow contractual notification requirements
A full, current sub‑processor list is available upon request from our team.
Security and GDPR controls
Swif.ai implements technical and organizational measures designed to protect EU customer data, including:
Encryption in transit and at rest
Role‑based access controls to limit access to customer data
Secure key management practices
Access limited to authorized personnel and only for approved operational purposes (e.g., support, maintenance, security operations)
These controls are part of our broader security and compliance program and are aligned with GDPR expectations for data processors.
Logs, backups, and disaster recovery
For EU-region tenants:
Operational logs and backups for EU customers remain within EU data‑residency boundaries
Disaster recovery procedures are designed to respect regional data controls
Retention policies are configured to align with contractual and regulatory obligations
This is intended to ensure that even in “worst case scenarios” (failover, recovery, or incident response), your data residency commitments are preserved as much as technically possible.
Your role as data controller
Under GDPR:
Swif.ai supports your compliance obligations by providing:
A Data Processing Agreement (DPA)
Transparency into data storage and processing locations
Documentation to support audits, vendor reviews, and security assessments
We can provide enterprise customers with:
Data flow descriptions
Sub‑processor disclosures
Additional security and compliance artifacts as part of your review process
How to get an EU-hosted Swif.ai tenant
If you are a new or existing customer and want your tenant hosted in the EU:
Contact our team and indicate that you require EU data residency for your Swif.ai environment.
Our team will:
Confirm that you are onboarded into the EU region
Provide relevant DPA and sub‑processor documentation
Coordinate any migration or account‑level setup steps if needed
Note: Moving an existing, non‑EU tenant into the EU region may require additional planning and technical validation. Talk to our team early if this is a requirement.
Frequently asked questions
Are you part of the Data Privacy Framework (DPF)?
Many customers review the Data Privacy Framework (DPF) (see Data Privacy Framework as part of their Schrems II / GDPR analysis. Swif.ai’s EU data residency is specifically designed so that:
Customer data is hosted in the EU, minimizing reliance on cross‑Atlantic transfer mechanisms
Access and processing by non‑EU services are either avoided or tightly controlled and protected by appropriate safeguards
For detailed legal positioning (including how we address DPF, SCCs, and Schrems II), please refer to our legal documentation and DPA or contact our team for the latest information.
Can I get documentation for my legal and security review?
Yes. For enterprise customers, we can provide:
Data processing and data flow documentation
Sub‑processor list and locations
Relevant security and compliance artifacts
Related resources
Swif.ai EU Data Residency overview: EU Data Residency
If you have specific regulatory questions (for example, about Schrems II or internal policy requirements), please reach out to our team so we can assist with the correct documentation and configuration for your tenant.