Privacy

We respect your privacy and follow industry standards to protect your personal information. Learn more about how your data is processed, transferred, and stored.

HCP data location overview

While some local, country-specific data privacy laws may require you to store your own data, the leading industry standards for data privacy encourage you to understand what data is stored and the shared responsibility for protecting that data.

HashiCorp's products and services give you different options to manage data storage, including selecting the regions you want to store specific data in.

Organizations can choose their cloud providers and regions for HCP Consul and HCP Vault to optimize network latency between these services and their applications and infrastructure. While this data is stored within the selected region, some data will also be transferred back to the United States for processing and storage.

Supported cloud provider and regions

When you create an HCP Consul or HCP Vault cluster, you must specify the cloud provider and region to host the cluster. The following tables lists the geographical boundary where data that can be stored is hosted.

Refer to the Product-specific data section for which product-specific data is stored.

AWS regions

You can select from the following AWS regions to host your HCP Consul or HCP Vault clusters.

RegionNameAvailable HCP Services
Oregonus-west-2Consul, Vault
Virginiaus-east-1Consul, Vault
Ohious-east-2Consul, Vault
Canada (Central)ca-central-1Consul, Vault
Irelandeu-west-1Consul, Vault
Londoneu-west-2Consul, Vault
Frankfurteu-central-1Consul, Vault
Tokyoap-northeast-1Consul, Vault
Singaporeap-southeast-1Consul, Vault
Sydneyap-southeast-2Consul, Vault

Azure Regions

You can select from the following Azure regions to host your HCP Consul or HCP Vault clusters.

RegionNameAvailable HCP Services
West US 2westus2Consul, Vault
Central UScentralusConsul, Vault
East USeastusConsul, Vault
East US 2eastus2Consul, Vault
Canada CentralcanadacentralConsul, Vault
West EuropewesteuropeConsul, Vault
North EuropenortheuropeConsul, Vault
France CentralfrancecentralConsul, Vault
UK SouthuksouthConsul, Vault
South East AsiasoutheastasiaConsul, Vault
Japan EastjapaneastConsul, Vault
Australia SouthEastaustraliasoutheastConsul, Vault

Product-specific data

This section details the product-specific data that HashiCorp stores and where it resides.

HCP Boundary

All customer data, including audit logs and backup snapshots, is stored in the United States. Customers cannot choose a different hosting location.

HCP Consul

The following data will be stored in the region you selected. However, there is no guarantee that the data will remain here. For example, processing of audit logs for download involves data moving across regions.

  • Product encrypted snapshots

  • Operational (platform) logging

  • Operational metrics

  • Configuration data

  • Audit logs

HCP Packer

All customer data, including audit logs and backup snapshots, is stored in the United States. Customers cannot choose a different hosting location.

HCP Vault Radar

All customer data, including audit logs and backup snapshots, is stored in the United States. Customers cannot choose a different hosting location.

HCP Vault

The following data will be stored in the region you selected. However, there is no guarantee that the data will remain here. For example, processing of audit logs for download involves data moving across regions.

  • Product encrypted snapshots

  • Product Analytics

  • Customer-driven analytics

  • KMS keys

  • Operational metrics

  • Configuration data

  • Audit logs

Terraform Cloud

Terraform Cloud (TFC) is a multi-tenant service. Customer data is stored in the United States. Customers cannot choose a different hosting location.

Shared cloud services

User identity, billing, and operational information services that serve all products cannot be pinned to a region. We do not offer local storage of these services and the user account information in them. We only host this data within the United States to meet our customers' performance requirements. As such, we cannot support strict data residency to these services' data.

GDPR/CCPA compliance

HashiCorp is committed to protecting the privacy of individuals. We have built a global privacy program to adhere to the most stringent and applicable data protection requirements, such as the EU and UK General Data Protection Regulation (GDPR) and California's Consumer Privacy Act (CCPA). A few of our key compliance activities include, but are not limited to:

  • Publishing a compliant and readily available Privacy Policy.

  • Establishing a data subject rights request process for individuals.

  • Requiring a duty of confidentiality of personnel with access to personal data.

  • Implementing and maintaining appropriate technical and organizational measures and providing an annual certification that evidences compliance with this obligation.

  • Performing a privacy risk review of all third parties with access to personal data, requiring execution of a Data Protection Addendum (DPA).

  • Complying with Standard Contractual Clauses concerning personal data transfers.

Data subprocessors

HashiCorp uses third parties or subprocessors to process personal HashiCorp customers' data in order to deliver and support our products or services. We perform privacy risk reviews on all subprocessors and require them to satisfy equivalent obligations as those that apply legally or contractually to HashiCorp as a data processor (within a DPA). For more details on our subprocessors and our due diligence process, refer to the subprocessors page.