Your data, your jurisdiction, your rules. Delphi lets you pick the region where your data lives, pin processing to that same region, and document the whole arrangement for auditors and regulators. Whether you’re a US enterprise with state-level requirements, an EU controller under GDPR, or a sovereign customer with stricter needs, the platform adapts to you — not the other way around.
Choosing a region
When you provision a tenant, you choose a data region. Today that means US East (South Carolina), EU West (Belgium), or EU West (Frankfurt), and each region carries a clear jurisdiction label so you know exactly which legal framework applies.
Your selected region is where your dashboards, datasets, documents, audit logs, and streaming pipeline state are stored. Processing region can be set independently for hybrid setups — you might store in Frankfurt while allowing processing agents to run in Belgium, for example — or locked to the same region for stricter isolation.
If you don’t make a selection, your tenant defaults to US East. Regulated customers should choose explicitly during onboarding so there’s no ambiguity about where your data lands.
Sovereignty tiers
Delphi offers three sovereignty tiers so you can match the control level to the risk profile of your data.
Tier 0 — Standard. Data is stored in a provider-selected region. This is the right fit for teams whose data isn’t subject to specific residency requirements and who want the simplest setup.
Tier 1 — Regional. Your data is pinned to the region you chose. Storage never leaves that region, while processing infrastructure follows standard operational patterns. This tier suits most EU customers and US customers with state-level residency expectations.
Tier 2 — Sovereign. The strictest tier. Both storage and processing are locked to a single region — they must match, and the platform enforces this at the configuration layer. Every read and write is captured in an audit trail, and the tier is designed for customers with the highest regulatory bar: public sector bodies, defense-adjacent work, healthcare under strict national frameworks, and financial institutions with explicit sovereignty mandates.
What stays where
Once your region and tier are set, everything tenant-scoped stays there: dashboard configuration, connector state, ingested observations, RAG document chunks, org graph snapshots, KPI history, ledger entries, and audit records. Tenant isolation is logical and enforced by identifier across every storage and processing surface.
Customer credentials for enterprise connectors are held in a managed secret store and referenced by pointer rather than stored alongside your operational data. When a pipeline needs to call Salesforce, Slack, or your HRIS, it resolves the secret in-region and never copies it into long-term storage outside your boundary.
External sub-processors that touch data at all — streaming infrastructure, error monitoring, email delivery — are disclosed in your DPA, and you get 30 days notice before any change. If you’re on Tier 2, this list is kept deliberately narrow.
Hybrid cloud and bring-your-own data lake
Delphi’s data plane can be deployed inside a cloud account you already own and operate. Bring an AWS account, a GCP project, or an Azure subscription, and the Kafka-compatible streaming layer and object storage that ingest, normalize, and persist your operational signal live entirely there — under your IAM, on your billing line, in the region you choose. The platform runs on Kubernetes, so it slots into the same operational patterns your platform team already uses for everything else. Our control plane orchestrates and our agents reason; the data they reason over never leaves your perimeter.
This is the right fit for customers with bring-your-own-cloud mandates, customers who want their cloud spend on their own committed-use discounts, and customers in regulated industries where data egress is the part that’s hardest to defend in an audit. It pairs cleanly with Tier 2 sovereignty: lock the region, lock the account, and the only thing crossing the boundary is the agent reasoning itself.
Talk to us about which deployment model fits — we’ll scope the right shape for your team’s risk profile and operations capacity.
DPAs and compliance documentation
For EU, UK, and sovereign customers, Delphi provides a Data Processing Addendum covering GDPR Article 28 responsibilities, Standard Contractual Clauses for international transfers, breach notification within 72 hours, sub-processor disclosure, and data return or deletion on termination. Your chosen region and sovereignty tier are recorded in Schedule A of the DPA so there’s a signed record of what you picked.
On top of the DPA, Delphi surfaces the operational evidence your auditors actually ask for. The compliance dashboard tracks ISO 42001 control mapping and trust score metrics, and every data access, mutation, and admin action is written to an immutable, queryable audit log. Together they give you the paper trail to answer questions from regulators, customers, and your own risk team without pulling engineers off other work.
If you need a region, tier, or contractual term that isn’t listed here, talk to us — sovereign deployments are a conversation, and we’d rather scope it properly than hand you a one-size-fits-all answer.