Can we keep EU data in the EU?

Yes. Select EU region(s) and enforce strict boundaries.

What happens if we breach a boundary?

In strict mode, the operation is blocked; in warn mode, it is logged. Check logs and fix misconfigurations.

Back to Blog

Setting Up Data Residency and Regional Compliance Controls in DigitalMeet

Tutorial

February 14, 2026

6 min read

Setting Up Data Residency and Regional Compliance Controls in DigitalMeet

Q: How do we change regions later?

Update data residency settings in the admin console; new data will follow the new rules; existing data may need to be migrated depending on policy.

Data residency and regional compliance controls ensure your meeting data is stored and processed where you need it. This tutorial walks you through setting them up in DigitalMeet—step by step, with configuration details for every option.

DigitalMeet mascot standing on a globe with data residency region pins for EU, US, and APAC, with compliance checkmarks and data routing arrows showing boundary enforcement — Data residency controls: configure where your meeting data is stored and processed to meet regional compliance requirements.

Before You Begin

Data residency configuration affects where all meeting artifacts—recordings, transcripts, documents, AI outputs, and analytics data—are stored and processed. Changes apply to new data immediately but do not retroactively move existing data. Plan your configuration carefully, especially if your organization operates across multiple regulatory jurisdictions.

Before starting, ensure you have administrator access and have reviewed your organization's compliance requirements. For background on DigitalMeet's data residency architecture, see Data Residency and Compliance.

Step 1: Choose Allowed Regions

In the admin console, navigate to Compliance > Data Residency > Regions. Select the region(s) where storage and processing are allowed for your organization.

Available Region Configuration

Region Code	Geography	Storage Available	Processing Available	Common Use Case
eu-west-1	EU — Ireland	Yes	Yes	GDPR-primary for EU organizations
eu-central-1	EU — Frankfurt	Yes	Yes	German data protection (BDSG)
us-east-1	US — Virginia	Yes	Yes	Default region for US-based organizations
us-west-2	US — Oregon	Yes	Yes	West coast latency optimization
ap-southeast-1	Asia Pacific — Singapore	Yes	Yes	APAC data residency
il-central-1	Israel — Tel Aviv	Yes	Yes	Israeli data protection requirements
Custom endpoint	Self-hosted	Yes	Yes	On-premise or private cloud deployments

Select one or more regions from the list.
Designate a primary region where new data is stored by default.
Optionally designate secondary regions for failover or multi-region teams.
For single-region compliance (e.g., all EU data stays in the EU), select only EU region(s).

Tip: If your organization has teams in multiple regions, consider configuring per-group boundaries (Step 3) rather than restricting the entire organization to a single region. This provides compliance without forcing all traffic through one geography.

Step 2: Set Data Boundaries

Data boundaries control where specific categories of data can be stored and processed. DigitalMeet supports four boundary types, each independently configurable.

Boundary Types

Boundary Type	What It Governs	Examples of Affected Data
Storage	Where files are written to object storage	Recordings, documents, transcripts, AI artifacts
Processing	Where compute operations run	Transcription, AI summarization, emotion analysis
Analytics	Where usage and quality data is aggregated	Meeting metrics, call quality scores, feature adoption
Webhooks	Where outbound event payloads are delivered	Integration callbacks, CRM sync payloads, alerting

Enforcement Mode Comparison

Mode	Behavior on Boundary Violation	Logging	Recommended For
Strict	Operation is blocked; error returned to caller	Violation logged with severity: critical	Production compliance, regulated industries
Warn	Operation proceeds; violation logged	Violation logged with severity: warning	Migration periods, configuration testing
Allow	No enforcement; boundary is informational	No violation logged	Development environments, non-regulated orgs

For each boundary type, select the allowed regions (from those enabled in Step 1).
Choose the enforcement mode: Strict for production compliance, Warn for testing.
Save each boundary configuration.

Important: Start with Warn mode and monitor the violation log for one to two weeks before switching to Strict. This catches misconfigurations—such as a third-party integration sending webhooks to an out-of-region endpoint—before they cause operational disruptions.

Step 3: Configure Per-Group Boundaries

For organizations with teams in different jurisdictions, configure boundaries at the group level rather than (or in addition to) the organization level.

Navigate to Compliance > Data Residency > Group Overrides.
Select the group (e.g., "EU Sales Team").
Set the allowed regions and enforcement mode for that group's data.
Group boundaries override organization defaults for users in that group.
Users in multiple groups inherit the most restrictive boundary.

Document which teams are assigned to which regions for audit purposes. This mapping is visible in the admin console's compliance report.

Step 4: Configure Custom Storage Routing

If your organization uses custom S3-compatible storage (on-premise MinIO, private cloud, or a dedicated AWS account), configure storage routing so DigitalMeet writes data to your infrastructure.

Navigate to Compliance > Data Residency > Storage Routing.
Click Add Custom Endpoint.
Enter the S3-compatible endpoint URL, access key, secret key, and bucket name.
Specify the region label for this endpoint (used in boundary matching).
Test the connection to verify credentials and permissions.
Assign the endpoint to the organization or to specific groups.

The region routing service applies these rules consistently across all storage operations—recordings, documents, transcripts, and AI artifacts all route through the same configuration.

Step 5: Verify Data Location

After configuration, verify that data is landing in the expected regions.

Run a test meeting with recording and transcription enabled.
After the meeting ends, navigate to Compliance > Data Residency > Data Location Report.
Confirm that the recording, transcript, and metadata appear in the configured region.
Check the boundary violation log for any warnings or errors.
If using custom storage, verify the file appears in your S3 bucket directly.

Step 6: Set Retention Policies

Retention policies control how long data is kept before automatic deletion. Configure them per meeting type to match different compliance requirements.

Navigate to Compliance > Retention Policies.
For each meeting type, set the retention duration (30, 60, 90, 180, 365 days, or custom).
Enable Export before delete if your compliance framework requires archival.
Set the notification period so admins are alerted before deletion occurs.
Choose the deletion type: soft delete (recoverable), hard delete (permanent), or compliance delete (GDPR right-to-be-forgotten).

For detailed retention and deletion options, see Data Residency and Compliance.

Step 7: Ongoing Monitoring

Data residency is not a set-and-forget configuration. Monitor boundary compliance continuously:

Review the Boundary Violation Log weekly during the first month, then monthly.
Run the Data Location Report after configuration changes or new team onboarding.
Export compliance reports for auditors on demand.
Update boundaries when regulations change or your organization expands to new regions.

For exporting compliance data to external monitoring tools, see Enterprise Observability.

Frequently Asked Questions

Can we keep all EU data in the EU?

Yes. Select only EU region(s) in Step 1 and enforce Strict boundaries for all boundary types. All new data will be stored and processed exclusively in the EU.

What happens if a boundary is violated in Strict mode?

The operation is blocked entirely. An error is returned to the calling service, and a critical-severity violation is logged. The affected data is not written to the out-of-boundary location.

How do we change regions later?

Update the data residency settings in the admin console. New data follows the new rules immediately. Existing data remains in its current location unless you use the data migration tool to relocate it.

Can different teams have different regions?

Yes. Use per-group boundary overrides (Step 3) to assign different regions to different teams. This is common for multinational organizations with EU and US teams.

Does boundary enforcement affect performance?

Boundary checks add negligible latency (typically under 5 ms). However, routing data to a geographically distant region can affect upload and download speeds. Choose regions close to your users for the best experience.

How do we handle data migration?

The admin console includes a data migration tool that relocates existing recordings, documents, and transcripts to a new region. The tool validates boundary compliance during migration and provides a detailed progress report.

Is self-hosted storage supported?

Yes. Configure custom S3-compatible endpoints (Step 4) for on-premise MinIO, private cloud, or dedicated AWS accounts. All boundary and routing rules apply identically to custom endpoints.

How do we prove compliance to auditors?

Export the Data Location Report, Boundary Violation Log, and Retention Policy Report from the admin console. These documents provide auditable evidence of where data is stored, how boundaries are enforced, and when data is deleted. See also GDPR Compliance for Video Conferencing.

For background on the architecture behind these controls, see Data Residency and Compliance. For general platform setup, see Getting Started with DigitalMeet.