> ## Documentation Index
> Fetch the complete documentation index at: https://docs.orq.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# European Data Residency FAQ

> Orq.ai is built in Europe. Platform data stays in the EU by default, GDPR-compliant by design, with VPC and sovereign deployment options for full control.

**Orq.ai** is a European company. Every customer's data stays in the EU by default, no configuration required. There is no US region; all **Orq.ai** platform infrastructure is EU-only.

## Sovereignty

**What does sovereignty mean in the context of an AI platform?**

Full sovereignty means no third party (including a cloud provider, a parent company, or a foreign government) can compel access to the customer's data or infrastructure. It operates at three layers:

* **Business entity**: the contracting company is governed by EU law and not subject to foreign surveillance frameworks.
* **Infrastructure**: the compute and storage that runs the platform is under the customer's control.
* **Data**: data is stored and processed exclusively within EU jurisdiction, and the customer controls what is retained and what is masked.

**Orq.ai** addresses all three layers.

**What is Orq.ai's legal and corporate structure?**

**Orq.ai** is incorporated and headquartered in the European Union. Contracts are governed by EU law. There is no US parent company and no ownership structure that would expose customer data to US surveillance frameworks such as the CLOUD Act. Engineering, operations, and support are EU-based.

**What deployment options are available for infrastructure sovereignty?**

| Model                           | Description                                                                                                                                                                              |
| ------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Orq.ai Cloud**                | Fully managed, hosted in EU data centers. No setup required.                                                                                                                             |
| **Virtual Private Cloud (VPC)** | **Orq.ai** runs inside the customer's own AWS or Azure account, fully isolated within the customer's network. The customer owns and controls the compute and storage.                    |
| **Dedicated Cloud / On-prem**   | **Orq.ai** deployed on any cloud or on-premises infrastructure of the customer's choice. Suitable for organizations that require full hardware-level control or air-gapped environments. |

For VPC and Dedicated Cloud / On-prem options, see [VPC Deployment](/docs/enterprise/vpc-deployment) or contact [support@orq.ai](mailto:support@orq.ai).

## Data Residency

**Is EU residency an option or the default?**

It is the default and the only option. Every **Orq.ai** customer has their data stored and processed in the European Union.

**Does data ever leave the EU?**

All **Orq.ai** platform data (traces, logs, datasets, prompts, evaluations, and workspace configuration) is stored and processed exclusively within the European Union. Data never leaves EU jurisdiction at the platform layer.

Model API calls are routed to the model provider of the customer's choice. Customers retain full control over which providers they use and can restrict selections to providers that offer EU-region inference or zero data retention commitments.

**Can model inference stay within the EU?**

Yes. Many providers in **Orq.ai**'s model catalog offer EU-region inference endpoints, including (but not limited to) Anthropic Claude and Amazon Nova via [AWS Bedrock](/docs/integrations/providers/aws-bedrock) EU, [Azure OpenAI](/docs/integrations/providers/azure) in EU regions, [Google Vertex AI](/docs/integrations/providers/vertex-ai) in EU regions, and [Mistral AI](/docs/integrations/providers/mistral) (a European company whose API processes data under EU jurisdiction). Model IDs for EU-region Bedrock deployments carry the `aws/eu.*` prefix. See the [Supported Models](/docs/proxy/supported-models) page for the full list.

The **AI Gateway** includes a built-in **Zero Data Retention (ZDR) filter**. When enabled, the model pool shows only providers that guarantee no request data is retained after the call completes. See [Sovereign AI](/docs/enterprise/sovereign-ai) for details.

## Privacy and GDPR

**Is Orq.ai GDPR compliant?**

Yes. **Orq.ai** is GDPR compliant. Compliance is maintained and monitored continuously through Vanta. The real-time compliance status is available at [trust.orq.ai](https://trust.orq.ai).

**How can my organization use Orq.ai and remain GDPR compliant?**

**Orq.ai** provides the controls needed to operate under GDPR:

* **Input and output masking**: Mark input variables as PII; they are sent to the model but never stored. Mask entire model responses so they are never persisted. See [Data Compliance](/docs/administer/data-compliance) for details.
* **EU-only model routing**: Use the [AI Gateway](/docs/router/overview) to restrict traffic to EU-region inference providers, or enable the built-in ZDR filter to limit routing to providers with zero data retention guarantees.
* **Data Processing Agreement**: **Orq.ai** acts as a data processor under Article 28 GDPR. A DPA is available on request; contact [privacy@orq.ai](mailto:privacy@orq.ai).
* **VPC / On-prem deployment**: For the highest level of data control, run **Orq.ai** inside the customer's own infrastructure so no platform data leaves the customer's environment.

**Does Orq.ai use platform data to train models?**

No. Data that flows through **Orq.ai** is never used to train or fine-tune any models. Input and output data are processed for observability and evaluation purposes only.

**Does Orq.ai act as a data processor under GDPR?**

Yes. When processing personal data on behalf of customers, **Orq.ai** acts as a data processor under Article 28 GDPR. A Data Processing Agreement (DPA) is available. Contact [privacy@orq.ai](mailto:privacy@orq.ai) to request one.

## Security and Compliance

**SOC 2 Type 2** certified and **GDPR** compliant, with compliance continuously monitored through **Vanta**. Up-to-date audit reports and certification status are available at the [Orq.ai Trust Center](https://trust.orq.ai).

<Card title="trust.orq.ai" icon="shield-check" href="https://trust.orq.ai">
  Real-time certification status, audit reports, and security documentation.
</Card>

## Plans and Pricing

**Is EU data residency available on all plans?**

Yes. EU data residency is included in every plan.

**Is there a pricing difference for EU residency?**

No. Pricing is consistent across all plans. See [Billing and Usage](/docs/administer/billing-usage) for details.