How We Store Your Data
EU data residency, tenant isolation, encryption in transit, where each type of data lives, and what EgoX never does with it.
This page explains how EgoX stores your data securely — where it lives, how it's separated, how it's protected, and what we never do with it.
Where your data lives
The application and its primary database run in a single EU-West region. Nothing about your project is stored outside that region by default.
| Data | Where it's stored |
|---|---|
| Account data (name, email, hashed password) | EgoX DB (EU-West) |
| Project configuration (settings, prompts, tool/endpoint definitions) | EgoX DB (EU-West) |
| Knowledge base (documents + derived chunks & embeddings) | EgoX DB (EU-West) |
| Conversations (messages/threads, token counts, model used) | EgoX DB (EU-West) |
| Original uploaded files (optional backup) | Cloudflare R2 (EU) |
| Your provider key & webhook secrets | EgoX DB (EU-West), encrypted — see BYOK |
Object storage is optional. When R2 isn't configured, RAG document content lives only in the EU-West database and no file originals are sent to Cloudflare.
How it's protected
- Tenant isolation. Every persisted row, every read, and every cache key is scoped by tenant. Isolation is structural — enforced in the data layer — so one project can never reach another's data.
- Encryption in transit. All API and Console traffic is served over HTTPS/TLS.
- Encryption at rest for secrets. Provider keys and webhook secrets are encrypted with AES-256-GCM before they're written (details on the BYOK page). The database itself is a managed, access-controlled service.
- Least-privilege operational access. Access to production systems is controlled and limited to what's needed to operate the Service.
- Scrubbed diagnostics. Error monitoring (Sentry) redacts PII before events leave the platform, so debugging data doesn't become a second copy of your content.
What EgoX never does with your data
No training. No selling.
EgoX does not use your Customer Content to train any models, and does not sell personal data. Your prompts, documents, and conversations are used only to run your project.
- Your knowledge, prompts, and messages are processed only to provide the Service — retrieval, tool execution, and storing conversations/usage for you.
- Data is transmitted to a model provider only when you configure one, using your key — see BYOK.
Roles & retention
- For account and billing data, EgoX is the controller.
- For Customer Content (knowledge, prompts, messages, tool payloads), EgoX is a processor acting on your instructions — you are the controller.
- Retention: Customer Content is retained until you delete it or close your account, after which it is deleted within the period stated in the Privacy Policy. You can delete threads and knowledge documents at any time from the Console.
The full picture — categories of data, legal bases, and your rights — is in the Privacy Policy and DPA.