Privacy & Compliance

Video Data Residency Requirements

Data residency requirements dictate where video can be processed geographically. This guide covers regional processing options, cross-border transfer mechanisms, and how to map your compliance requirements to processing regions.

Why Residency Matters

Regulations and contracts may require video to stay in specific jurisdictions:

Regulatory Requirements

  • GDPR: EU data should generally stay in EU or adequate countries
  • Government contracts: May require US-only or domestic processing
  • Sector regulations: Healthcare, finance may have geographic requirements
  • National security: Some data cannot leave the country

Contractual Requirements

  • Customer contracts specifying processing location
  • Data Processing Agreements with geographic restrictions
  • Industry certifications tied to data location

Risk Management

Even without requirements, you may prefer regional processing:

  • Reduce legal complexity
  • Minimize transfer risk
  • Improve latency

BetterVideo Processing Regions

RegionLocationKey ComplianceAvailability
USNorth AmericaSOC 2, HIPAA-readyAll tiers
EUFrankfurt, GermanyGDPR, EU-only processingPro and above
UKLondonUK GDPR, ICOPro and above
AUSydneyPrivacy Act 1988Enterprise
CAMontrealPIPEDA, Quebec Law 25Enterprise

Region Selection

Specify region in your API call:

POST /v1/enhance
{
  "video_url": "...",
  "region": "eu"
}

Video never leaves the specified region — upload, processing, and output all happen locally.

Cross-Border Transfer Mechanisms

When transfers are necessary, use appropriate safeguards:

Standard Contractual Clauses (SCCs)

EU-approved contract terms for transfers to non-adequate countries. BetterVideo's DPA includes SCCs for US processing.

Supplementary Measures

Post-Schrems II, SCCs may need supplementary measures:

  • Zero-retention: Video doesn't persist in destination country
  • Encryption: End-to-end encryption with EU-held keys
  • Transfer Impact Assessment: Evaluate destination country laws

Adequacy Decisions

Some transfers don't require SCCs:

  • UK → EU: Adequacy decision in place
  • EU → Canada (commercial): PIPEDA adequacy
  • EU → Japan: Adequacy decision

Compliance Mapping

GDPR Organizations

  • Use region: "eu" for EU-only processing
  • SCCs available for US processing if needed
  • Zero-retention reduces transfer risk

HIPAA Organizations

  • US processing is standard
  • BAA covers US infrastructure
  • No PHI leaves the US

FedRAMP Requirements

  • US-only processing required
  • FedRAMP-authorized infrastructure (enterprise)
  • Government-specific access controls

Multi-Region Organizations

  • Route by data origin
  • Multiple API keys per region
  • Centralized monitoring, distributed processing

Frequently Asked Questions

Yes — specify region: 'eu' and video will be uploaded, processed, and stored only in our Frankfurt region.

FedRAMP-authorized processing is available on enterprise tiers. Contact sales for government requirements.

You can route requests to appropriate regions based on user location or data origin. Multiple API keys help manage this.

Ready to get started?

Try BetterVideo's privacy-first video enhancement API — free sandbox, no credit card required.