All resources

European data, European servers: how we handle data residency

21 April 20265 min readData residencyGDPRCompliance

European clients, European servers. By default client projects run in Amsterdam and Frankfurt. Here is how data storage and residency is structured in Nordic AI deliveries.

When we build an Own or Lease solution for a Norwegian or European business, we keep data inside the EU/EEA by default. This is not a setting we use because it is the easiest. It is a deliberate choice we make because it is the best.

What 'inside the EU/EEA' actually means

EU/EEA data storage means physical storage and processing happens at data centres located in Europe. For us that concretely means: Railway (our PaaS for client projects) in Amsterdam, Neon Tech (Postgres and pgvector) in Frankfurt, and European GCP and Microsoft regions where those are in use.

Why we choose European regions

GDPR doesn't always require European data storage. It requires that data processing is lawful and that transfers outside the EEA are sufficiently safeguarded. But in practice European servers are the simplest, most predictable choice. They reduce legal complexity, make audits easier, and match Norwegian client expectations.

What about AI models

Anthropic is our primary AI provider. Model calls go to Anthropic's infrastructure per ToS. Per Anthropic's terms, client data is not used to train the models. For projects with extra-sensitive data, we route Anthropic models through AWS Bedrock, Google Vertex AI, or Azure in the client's own cloud tenant. That keeps model calls inside the client's perimeter.

The OpenAI exception

OpenAI is used only in the AI Pitch Analyzer (Whisper transcription). Anthropic is the primary choice elsewhere, but offers no voice model. In client products, Anthropic is the only AI provider unless the client has explicitly requested otherwise.

Configurable per project

GCP and Microsoft have many European regions. We configure per project to match the client's own preferences. If the client has existing agreements or preferences for a specific region (Norway, Sweden, Frankfurt), we honor that.

What about Lease

The Lease platform runs on the same infrastructure as Own: European servers by default, with room for client-specific tailoring. Operations and maintenance are Nordic AI's responsibility, but data location is documented in the client contract.

More detail

For the full overview of providers, regions, and DPA status, see /trust.

More from the blog