Data Residency

Data Residency Overview

Data residency refers to the physical or geographic location where data is stored and processed. Bugni Labs is committed to transparent data residency practices that align with regulatory requirements and client needs.

Default Data Locations

By default, we store and process data in:

  • Primary: United Kingdom
  • Secondary (if specified): European Economic Area (EEA)

Specific data center locations are documented in client agreements and can be confirmed upon request.

Cloud Infrastructure

We primarily use cloud infrastructure providers that offer UK and EU region options. Cloud providers are selected based on security, compliance certifications, and data residency capabilities.

Typical providers include:

  • AWS (London, Frankfurt, or other EU regions)
  • Google Cloud Platform (London, Belgium, or other EU regions)
  • Azure (UK South, UK West, or other EU regions)

Client-Specific Requirements

We accommodate client-specific data residency requirements including:

  • UK-only data storage
  • EEA-only data storage
  • Specific country or region requirements
  • On-premises or private cloud arrangements

These requirements are documented in contracts and technical specifications.

Data in Transit

Data in transit between services and regions is encrypted using TLS 1.2 or higher. We minimize data transfers outside primary regions and implement appropriate safeguards when necessary.

Backups and Disaster Recovery

Backup data is typically stored in the same region as primary data or within the UK/EEA. Geographic redundancy for disaster recovery is implemented within compliant regions unless otherwise specified.

Third-Party Services

Some third-party services (e.g., SaaS tools, analytics) may process data outside UK/EEA. We assess data residency as part of vendor due diligence and implement appropriate safeguards including Standard Contractual Clauses. See Data Transfers.

Regulatory Compliance

Our data residency practices comply with UK GDPR, EU GDPR, and sector-specific regulations. We monitor regulatory developments affecting data residency requirements.

Data Sovereignty

We respect data sovereignty principles. For clients in regulated industries or public sector, we provide enhanced data residency assurances and documentation.

Transparency and Documentation

We provide clients with:

  • Clear documentation of data locations
  • Data flow diagrams showing storage and processing locations
  • Subprocessor lists with locations
  • Notifications of any changes to data residency

Changes to Data Residency

Any material changes to data residency (e.g., moving to new regions) require client notification and, where contractually required, consent. We provide advance notice and migration plans.

Requesting Information

Clients can request specific information about where their data is stored and processed. We respond to such requests promptly.

Contact

Data residency enquiries: dpo@bugni.io

Technical enquiries: architecture@bugni.io