How We Store Your Data
EU data residency, tenant isolation, encryption in transit, where each type of data lives, and what EgoZ never does with it.
This page explains how EgoZ stores your data securely — where it lives, how it's separated, how it's protected, and what we never do with it.
Where your data lives
The application and its primary database run in a single EU-West region. Nothing about your project is stored outside that region by default.
| Data | Where it's stored |
|---|---|
| Account data (name, email, hashed password) | EgoZ DB (EU-West) |
| Project configuration (settings, prompts, tool/endpoint definitions) | EgoZ DB (EU-West) |
| Knowledge base (documents + derived chunks & embeddings) | EgoZ DB (EU-West) |
| Conversations (messages/threads, token counts, model used) | EgoZ DB (EU-West) |
| Original uploaded files (optional backup) | Cloudflare R2 (EU) |
| Your provider key & webhook secrets | EgoZ DB (EU-West), encrypted — see BYOK |
Object storage is optional. When R2 isn't configured, RAG document content lives only in the EU-West database and no file originals are sent to Cloudflare.
How it's protected
- Tenant isolation. Every persisted row, every read, and every cache key is scoped by tenant. Isolation is structural — enforced in the data layer — so one project can never reach another's data.
- Encryption in transit. All API and Console traffic is served over HTTPS/TLS.
- Encryption at rest for secrets. Provider keys and webhook secrets are encrypted with AES-256-GCM before they're written (details on the BYOK page). The database itself is a managed, access-controlled service.
- Least-privilege operational access. Access to production systems is controlled and limited to what's needed to operate the Service.
- Scrubbed diagnostics. Error monitoring (Sentry) redacts PII before events leave the platform, so debugging data doesn't become a second copy of your content.
What EgoZ never does with your data
No training. No selling.
EgoZ does not use your Customer Content to train any models, and does not sell personal data. Your prompts, documents, and conversations are used only to run your project.
- Your knowledge, prompts, and messages are processed only to provide the Service — retrieval, tool execution, and storing conversations/usage for you.
- Data is transmitted to a model provider only when you configure one, using your key — see BYOK.
Roles & retention
- For account and billing data, EgoZ is the controller.
- For Customer Content (knowledge, prompts, messages, tool payloads), EgoZ is a processor acting on your instructions — you are the controller.
- Retention: Customer Content is retained until you delete it or close your account, after which it is deleted within the period stated in the Privacy Policy. You can delete threads and knowledge documents at any time from the Console.
The full picture — categories of data, legal bases, and your rights — is in the Privacy Policy and DPA.