Regions and data residency
Current region
| | |
|---|---|
| Active region | us-east (DigitalOcean NYC3, New York City) |
| Database | DigitalOcean Managed PostgreSQL 17, NYC3 |
| NFS storage | DigitalOcean Block Volume, NYC3 |
| Platform object storage | DigitalOcean Spaces (talkide-prod-space), NYC3 |
| Managed storage (user apps) | Cloudflare R2, Eastern North America |
| Kubernetes cluster | talkide-prod, NYC3 |
User applications deployed through TalkIDE are hosted on the same Kubernetes cluster as the platform.
Data categories and storage locations
| Data category | Storage | Location |
|---|---|---|
| Account and project metadata | PostgreSQL (control-plane cluster A) | NYC3 |
| Conversation history | PostgreSQL (control-plane cluster A) | NYC3 |
| App source code (working tree) | NFS volume backed by DO Block Volume | NYC3 |
| App database (per project) | PostgreSQL (data-plane cluster B, schema-per-app) | NYC3 |
| Managed storage: user app uploads and generated files | Cloudflare R2 (per-project bucket) | Eastern North America |
| Platform object storage (backups, exports, artifacts) | DigitalOcean Spaces (talkide-prod-space) | NYC3 |
| Platform logs | DigitalOcean Spaces (talkide-prod-space, platform/logs/) | NYC3 |
| Email send audit log | PostgreSQL (email_log table) | NYC3 |
Tenant isolation
Each project environment runs in its own Kubernetes namespace ({tenantSlug}-{envSlug}). Project databases are provisioned as separate PostgreSQL databases with a dedicated role; cross-project database access is not possible at the connection level.
Managed storage (R2) uses per-project buckets with per-bucket scoped API tokens. No project can access another project’s bucket.
The TalkIDE platform database uses row-level tenant isolation via tenant_id columns. All queries are filtered by the tenant extracted from the authenticated JWT.
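An added example (not TalkIDE's own code) of the row-level pattern described above: the tenant is taken only from a signature-verified JWT and bound into every query, including primary-key lookups. HS256, the `tenant_id` claim name, the `projects` table and the in-memory SQLite stand-in for PostgreSQL are assumptions; expiry and audience checks are left out.

```python
import base64, hashlib, hmac, json, sqlite3

SECRET = b"constructed-demo-key"  # assumption: HS256 shared secret (the page names no algorithm)

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_jwt(claims: dict) -> str:
    """Issue a constructed HS256 token for the demo."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(sig)}"

def tenant_from_jwt(token: str) -> str:
    """Return the tenant claim only if the algorithm and signature check out."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(unb64(head))
        expected = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        # Pin the algorithm: a token declaring "none" or another alg is rejected.
        if header.get("alg") != "HS256" or not hmac.compare_digest(expected, unb64(sig)):
            raise PermissionError("bad signature")
        return str(json.loads(unb64(body))["tenant_id"])
    except (ValueError, KeyError, TypeError, AttributeError) as exc:
        raise PermissionError("invalid token") from exc

def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")  # stand-in for the platform PostgreSQL database
    db.execute("CREATE TABLE projects (id INTEGER PRIMARY KEY, tenant_id TEXT NOT NULL, name TEXT)")
    db.executemany("INSERT INTO projects (tenant_id, name) VALUES (?, ?)",
                   [("acme", "billing"), ("acme", "site"), ("globex", "crm")])  # constructed rows
    return db

def list_projects(db, token: str) -> list:
    tenant = tenant_from_jwt(token)  # never read the tenant from request parameters
    rows = db.execute("SELECT name FROM projects WHERE tenant_id = ? ORDER BY name", (tenant,))
    return [r[0] for r in rows]

def get_project(db, token: str, project_id: int):
    """A lookup by ID keeps the tenant predicate, so a guessed ID returns nothing."""
    tenant = tenant_from_jwt(token)
    row = db.execute("SELECT name FROM projects WHERE id = ? AND tenant_id = ?",
                     (project_id, tenant)).fetchone()
    return row[0] if row else None
```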
Encryption
| Layer | Status |
|---|---|
| Encryption at rest (managed PostgreSQL) | Enabled. DigitalOcean Managed PostgreSQL encrypts data at rest. |
| Encryption at rest (Block Volume / NFS) | Enabled. DigitalOcean Block Volume encrypts at rest. |
| Encryption at rest (Spaces / R2) | Enabled. Both DigitalOcean Spaces and Cloudflare R2 encrypt at rest. |
| Encryption in transit (PostgreSQL) | TLS required (sslmode=require on all connections) |
| Encryption in transit (app ↔ browser) | TLS. Wildcard certificate *.talkide.dev. |
Planned regions
Multi-region support, including EU data residency for GDPR compliance, is on the roadmap but is not available during private preview. When multi-region support launches, region selection will be configurable per project at creation time.
GDPR and data residency
During private preview all data is stored in the United States (NYC3, plus Cloudflare R2 Eastern North America for managed storage). TalkIDE does not currently offer EU data residency. EU customers who require data to remain within the European Economic Area should wait for EU region support before creating production workloads.
Data retention on project deletion
When a project is deleted, all associated resources are removed immediately and permanently:
- Kubernetes workloads (pods, services, ingress)
- Container images in the registry
- Source code working tree (NFS)
- Project database (data-plane PostgreSQL schema)
- Managed storage bucket (Cloudflare R2)
There is no grace period or recovery after deletion. Archive the project first if you may want to restore it later.