Compliance
Where your data lives
US East by default. EU West for EU customers. Full sub-processor disclosure below.
Regions
US East
ActiveDefault region for all customers. Database, file storage, and API processing.
Provider: Railway (AWS us-east-1). Available on: All tiers.
EU West
ActiveAvailable for EU customers on Studio, Scale, and Enterprise tiers. Full data isolation from US region.
Provider: Railway (AWS eu-west-1). Available on: Studio + Scale + Enterprise.
Asia Pacific
Planned Q4 2026Singapore region for Asia-Pacific customers. Contact sales for early access.
Provider: Railway (AWS ap-southeast-1). Available on: Scale + Enterprise.
Sub-processors
These services process data on our behalf. We disclose every sub-processor, their location, and what data they receive.
| Service | Location | Purpose | Data shared |
|---|---|---|---|
| Stripe | US | Payment processing | Email, payment method, billing address |
| Klaviyo | US | Email delivery | Email, subscription preferences |
| FairStack | US | Image generation | Brand DNA (for generation only, not stored) |
| Anthropic | US | Copy generation (Claude) | Brand DNA + brief (for generation only, not stored) |
| Cloudflare | Global CDN | CDN + WAF | Request metadata, cached assets |
| PostHog | US | Analytics | Usage events (anonymizable via cookie consent) |
| Sentry | US | Error tracking | Error logs (no PII in production) |
Request EU data residency
EU data residency is available on Studio ($99/mo), Scale ($299/mo), and Enterprise (custom) tiers. Your Brand DNA, generated assets, and metadata are stored exclusively in EU West (AWS eu-west-1, Ireland).
To enable EU residency, email hi@maniai.com with your account email and we will migrate within 48 hours.
GDPR and Schrems II
For EU customers on the EU West region, all primary data (Brand DNA, generations, metadata) stays within the EU. Sub-processor data flows to US-based services (Stripe, Klaviyo, Anthropic) are covered by Standard Contractual Clauses (SCCs) and supplementary measures per Schrems II requirements. We maintain a Data Protection Impact Assessment (DPIA) available on request.
Related: Data portability · Security · Privacy · AI ethics