Data Residency
Data residency controls where your Xilos data is stored. Configure the region in Model Config to meet regional data protection requirements, such as GDPR's requirement for EU data residency or HIPAA's preference for US-based storage.
Supported Regions
| Region | Code | Data Location | Deployment Options |
|---|---|---|---|
| United States | us | US cloud region (AWS us-east-1 or equivalent) | Managed SaaS, Private Cloud, On-Premise |
| European Union | eu | EU cloud region (AWS eu-west-1 or equivalent) | Managed SaaS, Private Cloud |
| Asia-Pacific | apac | APAC cloud region (AWS ap-southeast-1 or equivalent) | Managed SaaS, Private Cloud |
| On-Premise | on-prem | Your data center | On-Premise only |
Configuring Data Residency
Open Model Config
Navigate to Settings → Model Config in the Xilos dashboard.
Select a Region
Choose the region that matches your data residency requirements: US, EU, APAC, or On-Premise.
Enable Enforcement
Toggle the Enforce region switch. When enabled, Xilos rejects any request that would route to a model hosted outside the configured region.
Save Configuration
Save your changes. The region applies to all new queries immediately. Existing data remains in its original region.
Warning: Changing the region does not migrate existing data. New queries are stored in the new region, but historical data remains in the original region. Contact Xilos if you need to migrate historical data.
Enforcement
When enforcement is enabled, Xilos checks every routing decision against the configured region:
- Cloud-hosted models — Xilos verifies the model provider's data center is in the configured region. If not, the query is rejected with a 403 error.
- Self-hosted models (On-Premise) — All models are local, so enforcement is inherently satisfied.
- Hybrid setups — If you use a mix of cloud and self-hosted models, only models in the configured region are available.
Info: Enforcement ensures that no query is processed by a model outside your configured region, even if a routing rule points to a non-compliant model. This is a safety net — your routing rules should already target compliant models.
GDPR and EU Residency
For GDPR compliance, configure the EU region:
- Set the region to
euin Model Config. - Enable enforcement to prevent any EU data from being processed by US- or APAC-hosted models.
- All query logs, audit trails, and configuration data are stored in the EU region.
See GDPR for more on data subject rights and EU data protection.
HIPAA and US Residency
For HIPAA compliance, configure the US region:
- Set the region to
usin Model Config. - Enable enforcement to ensure all processing stays within the US.
- Execute a BAA with Xilos (see HIPAA).
On-Premise Data Sovereignty
For On-Premise deployments, all data resides in your data center. The region is set to on-prem, and enforcement is inherently satisfied — no data leaves your premises.
Info: On-Premise deployments provide the strongest data residency guarantee: complete data sovereignty with no external dependencies. See the Three-Phase Journey for guidance on when to move to On-Premise.