Data Residency

Data Residency & Storage

Fintra stores customer data in managed Postgres (Supabase) hosted in the United States, with encrypted backups in the same region. For customers subject to GDPR, transfers are governed by a DPA with Standard Contractual Clauses, and our regional roadmap includes EU residency as demand warrants.

Primary storage

The system of record is Postgres, managed via Supabase, hosted in US cloud regions. All data is encrypted at rest with AES-256 and isolated per tenant with row-level security. Application compute runs in the same region as the database to keep data movement minimal and latency low.

Backups and durability

Availability is a data-residency question too - your books have to survive infrastructure failure without leaving the promised region.

  • Automated encrypted backups with point-in-time recovery.
  • Backups remain in the same geographic region as primary storage.
  • Restore procedures are tested on a recurring schedule, and results feed SentriAI’s availability controls.
  • Disaster-recovery objectives: RPO of 24 hours or better, RTO of 12 hours for full-region recovery (see the Status page for uptime commitments).

Cross-border transfers

Where customers or their end users are in the EEA/UK, Fintra acts as a processor under a DPA incorporating Standard Contractual Clauses (SCCs), with supplementary measures - encryption in transit and at rest, access controls, and audit logging - supporting transfer risk assessments. Subprocessors that may process data outside the primary region are disclosed in the subprocessor register.

Regional roadmap

EU data residency (EU-hosted database and compute) is on our roadmap and prioritized by customer demand; we’ll publish region availability here as it lands rather than pre-announcing dates. If residency in a specific region is a hard requirement for your business, tell us at security@fintrahub.com - real demand moves the roadmap.

Frequently asked questions

In which country is my data stored?

Primary storage and backups are in US cloud regions on managed Postgres (Supabase). Data is encrypted at rest and isolated per tenant.

Can I require my data to stay in the EU?

EU residency is on our roadmap but not yet generally available. Today, EEA/UK customers are covered by a DPA with SCCs plus technical safeguards. Contact security@fintrahub.com to register residency requirements - demand directly shapes prioritization.

Do backups leave the primary region?

No. Encrypted backups are stored in the same geographic region as primary storage, and restore testing happens within that region.

How fast can you recover from a regional failure?

Our disaster-recovery targets are an RPO of 24 hours or better (typically far less with point-in-time recovery) and an RTO of 12 hours for full recovery. Recovery procedures are exercised on a recurring schedule.

Questions about data residency?

Our security team answers due-diligence questions directly - documentation, DPAs, and evidence available on request.

Talk to our security team