Video Data Residency Requirements
Data residency requirements dictate where video can be processed geographically. This guide covers regional processing options, cross-border transfer mechanisms, and how to map your compliance requirements to processing regions.
Why Residency Matters
Regulations and contracts may require video to stay in specific jurisdictions:
Regulatory Requirements
- GDPR: EU data should generally stay in EU or adequate countries
- Government contracts: May require US-only or domestic processing
- Sector regulations: Healthcare, finance may have geographic requirements
- National security: Some data cannot leave the country
Contractual Requirements
- Customer contracts specifying processing location
- Data Processing Agreements with geographic restrictions
- Industry certifications tied to data location
Risk Management
Even without requirements, you may prefer regional processing:
- Reduce legal complexity
- Minimize transfer risk
- Improve latency
BetterVideo Processing Regions
| Region | Location | Key Compliance | Availability |
|---|---|---|---|
| US | North America | SOC 2, HIPAA-ready | All tiers |
| EU | Frankfurt, Germany | GDPR, EU-only processing | Pro and above |
| UK | London | UK GDPR, ICO | Pro and above |
| AU | Sydney | Privacy Act 1988 | Enterprise |
| CA | Montreal | PIPEDA, Quebec Law 25 | Enterprise |
Region Selection
Specify region in your API call:
POST /v1/enhance
{
"video_url": "...",
"region": "eu"
}
Video never leaves the specified region — upload, processing, and output all happen locally.
Cross-Border Transfer Mechanisms
When transfers are necessary, use appropriate safeguards:
Standard Contractual Clauses (SCCs)
EU-approved contract terms for transfers to non-adequate countries. BetterVideo's DPA includes SCCs for US processing.
Supplementary Measures
Post-Schrems II, SCCs may need supplementary measures:
- Zero-retention: Video doesn't persist in destination country
- Encryption: End-to-end encryption with EU-held keys
- Transfer Impact Assessment: Evaluate destination country laws
Adequacy Decisions
Some transfers don't require SCCs:
- UK → EU: Adequacy decision in place
- EU → Canada (commercial): PIPEDA adequacy
- EU → Japan: Adequacy decision
Compliance Mapping
GDPR Organizations
- Use
region: "eu"for EU-only processing - SCCs available for US processing if needed
- Zero-retention reduces transfer risk
HIPAA Organizations
- US processing is standard
- BAA covers US infrastructure
- No PHI leaves the US
FedRAMP Requirements
- US-only processing required
- FedRAMP-authorized infrastructure (enterprise)
- Government-specific access controls
Multi-Region Organizations
- Route by data origin
- Multiple API keys per region
- Centralized monitoring, distributed processing
Frequently Asked Questions
Yes — specify region: 'eu' and video will be uploaded, processed, and stored only in our Frankfurt region.
FedRAMP-authorized processing is available on enterprise tiers. Contact sales for government requirements.
You can route requests to appropriate regions based on user location or data origin. Multiple API keys help manage this.
Ready to get started?
Try BetterVideo's privacy-first video enhancement API — free sandbox, no credit card required.