Privacy
We respect your privacy and follow industry standards to protect your personal information. Learn more about how your data is processed, transferred, and stored.
HCP data location overview
While some local, country-specific data privacy laws may require you to store your own data, the leading industry standards for data privacy encourage you to understand what data is stored and the shared responsibility for protecting that data.
HashiCorp's products and services give you different options to manage data storage, including selecting the regions you want to store specific data in.
Organizations can choose their cloud providers and regions for HCP Consul and HCP Vault to optimize network latency between these services and their applications and infrastructure. While this data is stored within the selected region, some data will also be transferred back to the United States for processing and storage.
Supported cloud provider and regions
When you create an HCP Consul or HCP Vault cluster, you must specify the cloud provider and region to host the cluster. The following tables lists the geographical boundary where data that can be stored is hosted.
Refer to the Product-specific data section for which product-specific data is stored.
AWS regions
You can select from the following AWS regions to host your HCP Consul or HCP Vault clusters.
| Region | Name | Available HCP Services |
|---|---|---|
| Oregon | us-west-2 | Consul, Vault |
| Virginia | us-east-1 | Consul, Vault |
| Ohio | us-east-2 | Consul, Vault |
| Canada (Central) | ca-central-1 | Consul, Vault |
| Ireland | eu-west-1 | Consul, Vault |
| London | eu-west-2 | Consul, Vault |
| Frankfurt | eu-central-1 | Consul, Vault |
| Tokyo | ap-northeast-1 | Consul, Vault |
| Singapore | ap-southeast-1 | Consul, Vault |
| Sydney | ap-southeast-2 | Consul, Vault |
Azure Regions
You can select from the following Azure regions to host your HCP Consul or HCP Vault clusters.
| Region | Name | Available HCP Services |
|---|---|---|
| West US 2 | westus2 | Consul, Vault |
| Central US | centralus | Consul, Vault |
| East US | eastus | Consul, Vault |
| East US 2 | eastus2 | Consul, Vault |
| Canada Central | canadacentral | Consul, Vault |
| West Europe | westeurope | Consul, Vault |
| North Europe | northeurope | Consul, Vault |
| France Central | francecentral | Consul, Vault |
| UK South | uksouth | Consul, Vault |
| South East Asia | southeastasia | Consul, Vault |
| Japan East | japaneast | Consul, Vault |
| Australia SouthEast | australiasoutheast | Consul, Vault |
Product-specific data
This section details the product-specific data that HashiCorp stores and where it resides.
HCP Boundary
All customer data, including audit logs and backup snapshots, is stored in the United States. Customers cannot choose a different hosting location.
HCP Consul Dedicated
The following data will be stored in the region you selected. However, there is no guarantee that the data will remain here. For example, processing of audit logs for download involves data moving across regions.
Product encrypted snapshots
Operational (platform) logging
Operational metrics
Configuration data
Audit logs
HCP Packer
All customer data, including audit logs and backup snapshots, is stored in the United States. Customers cannot choose a different hosting location.
HCP Vault Radar
All customer data, including audit logs and backup snapshots, is stored in the United States. Customers cannot choose a different hosting location.
HCP Vault Dedicated
The following data will be stored in the region you selected. However, there is no guarantee that the data will remain here. For example, processing of audit logs for download involves data moving across regions.
Product encrypted snapshots
Product Analytics
Customer-driven analytics
KMS keys
Operational metrics
Configuration data
Audit logs
HCP Terraform
HCP Terraform is a multi-tenant service. Customer data is stored in the United States. Customers cannot choose a different hosting location.
Shared cloud services
User identity, billing, and operational information services that serve all products cannot be pinned to a region. We do not offer local storage of these services and the user account information in them. We only host this data within the United States to meet our customers' performance requirements. As such, we cannot support strict data residency to these services' data.
GDPR/CCPA compliance
HashiCorp is committed to protecting the privacy of individuals. We have built a global privacy program to adhere to the most stringent and applicable data protection requirements, such as the EU and UK General Data Protection Regulation (GDPR) and California's Consumer Privacy Act (CCPA). A few of our key compliance activities include, but are not limited to:
Publishing a compliant and readily available Privacy Policy.
Establishing a data subject rights request process for individuals.
Requiring a duty of confidentiality of personnel with access to personal data.
Implementing and maintaining appropriate technical and organizational measures and providing an annual certification that evidences compliance with this obligation.
Performing a privacy risk review of all third parties with access to personal data, requiring execution of a Data Protection Addendum (DPA).
Complying with Standard Contractual Clauses concerning personal data transfers.
Data subprocessors
HashiCorp uses third parties or subprocessors to process personal HashiCorp customers' data in order to deliver and support our products or services. We perform privacy risk reviews on all subprocessors and require them to satisfy equivalent obligations as those that apply legally or contractually to HashiCorp as a data processor (within a DPA). For more details on our subprocessors and our due diligence process, refer to the subprocessors page.