Understanding data residency in IBM Cloud
IBM Cloud's global network of locations provides you with the flexibility of choosing where you want to run your workloads.
For regional and zonal services, you request instances of the service to be deployed in a specific region in accordance with your specific geographic requirements. IBM Cloud ensures that content that is provided by you and your workload (as defined in the IBM Cloud Service Agreement) is stored and processes locally in the selected region location. For a complete list of the locations where IBM Cloud services are available see Service and infrastructure availability by location.
IBM Cloud also maintains internal encrypted backups of the customer content within the same geography where the regional or zonal service is located for recovery in case of data corruption or a major data center disaster.
About your business contact and account usage information (as defined in the IBM Cloud Service Agreement), also called client’s metadata, IBM Cloud stores and processes them where the control planes of the regional and global services are located.
- Regional services typically have control planes that are located in the same region where you selected for the service except for the services indicated in Services with global control planes.
- Global services control planes locations are indicated in Global platform services.
For a complete list of data attributes that are stored and processed by each single IBM Cloud service you can refer to the documentation of the API of each service in the API and SDK reference library.
All data in transit is encrypted. Only TLS 1.2 and 1.3 are supported in IBM Cloud with TLS 1.1 and below explicitly disabled to prevent downgrading to a vulnerable version of the protocol.
IBM Cloud data privacy processing processes and procedures are documented within the IBM Cloud DPA. This Data Processing Addendum (DPA) and its applicable DPA Exhibits apply to the Processing of Personal Data by IBM Cloud on behalf of Client (Client Personal Data). The processing of Personal Data is subject to the General Data Protection Regulation 2016/679 (GDPR). It is also subject to any other data protection laws that are identified at Data Protection Laws in order to provide services (Services) according to the Agreement between Client and IBM Cloud. The IBM Cloud DPA can be found at Data Processing Addendum.
In addition to the DPA, the cloud services provide DPA exhibits that can be found on the IBM Cloud Terms site.