Ory Network now allows you to choose where your users' personal data - also known as personally identifiable information or PII - is stored geographically.
But wait, I thought Ory Network was a global network?
This choice affects your users' personal data only: email addresses, phone numbers, devices, IPs and so on.
Ory distinguishes between personal data and operational data. Operational data is everything that is not personal data, for example permissions, access tokens, and sessions. Operational data is replicated globally across all Ory Network datacenter locations to give you the lowest possible latency and highest availability. Personal data stays in the region you choose.
Data privacy regulations like GDPR require you to safeguard your users' personal data. A common provision, known as data homing, data domiciling, and a slew of other terms, says that data must be kept inside the geographical boundaries where that regulation is in effect.
Ory Network makes it easy to comply with data regulations, without sacrificing performance, availability, or ease of use.
How Ory is different
You’ve probably seen options to choose a deployment region for software in other products before. Typically, this choice affects everything: data storage location and where the software components are actually run. Different regional deployments in those products are distinct from one another. You might have a project based in the US and one in the EU. They are unaware of each other, and you have to manage them separately. You might not even be able to aggregate data between those deployments or query and manipulate your data across them in a uniform way.
Ory Network is different.
It is a single, global network, uniformly accessible from around the globe. No regional endpoints, no regional deployments, no disjoint data, no divergence between your projects in separate regions.
With Ory Network, your users' personal data is still stored in the region you choose, and only there. You can focus on running your business while we take care of compliance. No engineering effort is required.
What changes for you
The best news is that you don't have to do anything. Personal data storage is enabled for all projects, on any plan. Simply choose your storage location during project creation, and your users' personal data will be stored only there.
You can still query your data from anywhere in the world, of course. Ory Network will internally route your request to the location where it can best be served. If your request does not involve any personal data, we can serve it with the lowest possible latency from the geographical location closest to you. When you query or modify personal data, we will transparently route your request to the storage location where that data is held.
For existing projects, you can check the project settings in the Ory Console to find out where personal data is stored.
Global and US Continental storage locations
Ory Network enterprise customers have the option of choosing the "Global" personal data storage location. In this configuration, each of your individual users will still have their personal data stored in one region. That region is chosen based on the user's location at their first signup. Users from the EU will have their personal data stored in the EU, users from the US in the US, and so on.
This option is ideal for companies that have a global user base, yet want to comply with data privacy regulations. It allows you to store personal data in the region where your user is located, while still providing a uniform, global service.
Similarly, the "US Continental" storage location stores each user's personal data at the location geographically closest to them within the contiguous United States.
The Ory team is working on a Compliance API, which will allow you to move personal data between storage locations. Let's say one of your European users was visiting the US while signing up for your product. They would have their personal data stored in the US. Still, they are an EU citizen and will want to have their data stored there as well. You'll be able to perform a data move through the API and the Ory Console for them. No downtime or data loss, and no lost login session. Just shuffle the data over and be compliant.
Reach out
We're excited to roll out this feature and more like it in the future.
Reach out to us with questions or feedback.
Do we have your use case covered?
What would you like to see next?
We're looking forward to hearing from you!