Privacy
We respect your privacy and follow industry standards to protect your personal information. Learn more about how your data is processed, transferred, and stored.
HCP data location overview
While some local, country-specific data privacy laws may require you to store your own data, the leading industry standards for data privacy encourage you to understand what data is stored and the shared responsibility for protecting that data.
HashiCorp's products and services give you different options to manage data storage, including selecting the regions you want to store specific data in.
Organizations can choose their cloud providers and regions for HCP Consul and HCP Vault to optimize network latency between these services and their applications and infrastructure. While this data is stored within the selected region, some data will also be transferred back to the United States for processing and storage.
Supported cloud provider and regions
When you create an HCP Consul or HCP Vault cluster, you must specify the cloud provider and region to host the cluster. The following tables lists the geographical boundary where data that can be stored is hosted.
Refer to the Product-specific data section for which product-specific data is stored.
AWS regions
You can select from the following AWS regions to host your HCP Consul or HCP Vault clusters.
Region | Name | Available HCP Services |
|---|---|---|
Oregon | us-west-2 | Consul, Vault |
Virginia | us-east-1 | Consul, Vault |
Ohio | us-east-2 | Consul, Vault |
Canada (Central) | ca-central-1 | Consul, Vault |
Ireland | eu-west-1 | Consul, Vault |
London | eu-west-2 | Consul, Vault |
Frankfurt | eu-central-1 | Consul, Vault |
Tokyo | ap-northeast-1 | Consul, Vault |
Singapore | ap-southeast-1 | Consul, Vault |
Sydney | ap-southeast-2 | Consul, Vault |
Azure Regions
You can select from the following Azure regions to host your HCP Consul or HCP Vault clusters.
Region | Name | Available HCP Services |
|---|---|---|
West US 2 | westus2 | Consul, Vault |
Central US | centralus | Consul, Vault |
East US | eastus | Consul, Vault |
East US 2 | eastus2 | Consul, Vault |
Canada Central | canadacentral | Consul, Vault |
Canada East | canadaeast | Vault |
West Europe | westeurope | Consul, Vault |
North Europe | northeurope | Consul, Vault |
France Central | francecentral | Consul, Vault |
UK South | uksouth | Consul, Vault |
South East Asia | southeastasia | Consul, Vault |
Japan East | japaneast | Consul, Vault |
Australia SouthEast | australiasoutheast | Consul, Vault |
Product-specific data
This section details the product-specific data that HashiCorp stores and where it resides.
HCP Boundary
All customer data, including audit logs and backup snapshots, is stored in the United States. Customers cannot choose a different hosting location.
HCP Consul Dedicated
The following data will be stored in the region you selected. However, there is no guarantee that the data will remain here. For example, processing of audit logs for download involves data moving across regions.
Product encrypted snapshots
Operational (platform) logging
Operational metrics
Configuration data
Audit logs
HCP Packer
All customer data, including audit logs and backup snapshots, is stored in the United States. Customers cannot choose a different hosting location.
HCP Vault Radar
All customer data, including audit logs and backup snapshots, is stored in the United States. Customers cannot choose a different hosting location.
HCP Vault Dedicated
The following data will be stored in the region you selected. However, there is no guarantee that the data will remain here. For example, processing of audit logs for download involves data moving across regions.
Product Analytics
Customer-driven analytics
KMS keys
Operational metrics
Configuration data
Audit logs
HCP Terraform
HCP Terraform is a multi-tenant service. Customer data is stored in the United States. Customers cannot choose a different hosting location.
Shared cloud services
User identity, billing, and operational information services that serve all products cannot be pinned to a region. We do not offer local storage of these services and the user account information in them. We only host this data within the United States to meet our customers' performance requirements. As such, we cannot support strict data residency to these services' data.
GDPR/CCPA compliance
HashiCorp is committed to protecting the privacy of individuals. We have built a global privacy program to adhere to the most stringent and applicable data protection requirements, such as the EU and UK General Data Protection Regulation (GDPR) and California's Consumer Privacy Act (CCPA). A few of our key compliance activities include, but are not limited to:
Publishing a compliant and readily available Privacy Policy.
Establishing a data subject rights request process for individuals.
Requiring a duty of confidentiality of personnel with access to personal data.
Implementing and maintaining appropriate technical and organizational measures and providing an annual certification that evidences compliance with this obligation.
Performing a privacy risk review of all third parties with access to personal data, requiring execution of a Data Protection Addendum (DPA).
Complying with Standard Contractual Clauses concerning personal data transfers.
Data subprocessors
HashiCorp uses third parties or subprocessors to process personal HashiCorp customers' data in order to deliver and support our products or services. We perform privacy risk reviews on all subprocessors and require them to satisfy equivalent obligations as those that apply legally or contractually to HashiCorp as a data processor (within a DPA). For more details on our subprocessors and our due diligence process, refer to the subprocessors page.
HCP Europe Data Location, Transfer, Purpose, and Processing
The table below shows how categories of data are handled, from where it resides to its purpose and processing details.
Category | Examples | Data Location | Purpose & Processing Details |
|---|---|---|---|
Terraform Application Data | Terraform state, environment variables, Sentinel policies. | Stored in Europe | Primary data for your infrastructure as code. |
Authentication | User account data (ID, name, email), 2FA recovery codes, SSH keys, OAuth tokens. | Transferred to US | For consistent user experience, account administration, and billing. |
Logs | Application logs, metrics, traces. | Stored in Europe | Service performance monitoring and troubleshooting Logs may be transferred to the US or accessed by authorized personnel outside the Europe. Only data attributes essential for operational purposes are transferred (see Note 1) |
Security Telemetry | Log entries & metadata from your Europe region. | Transferred to US | For security threat detection and incident investigation. Only data attributes essential for operational purposes are transferred (see Note 1) |
Product Analytics Data | Aggregated usage data, feature adoption metrics. | Transferred to US | For service performance and feature improvement. Data is aggregated/de-identified before processing. |
Usage Metrics | Aggregated data on user actions, consumption for billing. | Transferred to US | For consistent billing and business operations. |
Support Data | Information provided in a support ticket. | Transferred to US | For global support. Only data attributes essential for operational purposes are transferred (see Note 1) |
Data Subject Rights Requests Data | Data for complying with data subject rights requests under global data privacy laws. | Transferred to US | For centralized facilitation of data subject rights requests |
Note 1 HashiCorp may transfer customer data outside Europe for necessary operational or security monitoring. When we do, any customer data not strictly required for business purposes like security, support, or billing is automatically redacted. Authorized personnel outside Europe may access your data, but this access is limited to specific roles and is not used to store or save your data. To ensure full transparency and security, all access is tracked and auditable.