Docs preview
TalkIDE documentation · preview

Regions and data residency

Current region

Active regionus-east (DigitalOcean NYC3, New York City)
DatabaseDigitalOcean Managed PostgreSQL 17, NYC3
NFS storageDigitalOcean Block Volume, NYC3
Platform object storageDigitalOcean Spaces (talkide-prod-space), NYC3
Managed storage (user apps)Cloudflare R2, Eastern North America
Kubernetes clustertalkide-prod, NYC3

User applications deployed through TalkIDE are hosted on the same Kubernetes cluster as the platform.


Data categories and storage locations

Data categoryStorageLocation
Account and project metadataPostgreSQL (control-plane cluster A)NYC3
Conversation historyPostgreSQL (control-plane cluster A)NYC3
App source code (working tree)NFS volume backed by DO Block VolumeNYC3
App database (per project)PostgreSQL (data-plane cluster B, schema-per-app)NYC3
Managed storage: user app uploads and generated filesCloudflare R2 (per-project bucket)Eastern North America
Platform object storage (backups, exports, artifacts)DigitalOcean Spaces (talkide-prod-space)NYC3
Platform logsDigitalOcean Spaces (talkide-prod-space, platform/logs/)NYC3
Email send audit logPostgreSQL (email_log table)NYC3

Tenant isolation

Each project environment runs in its own Kubernetes namespace ({tenantSlug}-{envSlug}). Project databases are provisioned as separate PostgreSQL databases with a dedicated role; cross-project database access is not possible at the connection level.

Managed storage (R2) uses per-project buckets with per-bucket scoped API tokens. No project can access another project’s bucket.

The TalkIDE platform database uses row-level tenant isolation via tenant_id columns. All queries are filtered by the tenant extracted from the authenticated JWT.


Encryption

LayerStatus
Encryption at rest (managed PostgreSQL)Enabled. DigitalOcean Managed PostgreSQL encrypts data at rest.
Encryption at rest (Block Volume / NFS)Enabled. DigitalOcean Block Volume encrypts at rest.
Encryption at rest (Spaces / R2)Enabled. Both DigitalOcean Spaces and Cloudflare R2 encrypt at rest.
Encryption in transit (PostgreSQL)TLS required (sslmode=require on all connections)
Encryption in transit (app ↔ browser)TLS. Wildcard certificate *.talkide.dev.

Planned regions

Multi-region support, including EU data residency for GDPR compliance, is on the roadmap but is not available during private preview. When multi-region support launches, region selection will be configurable per project at creation time.


GDPR and data residency

During private preview all data is stored in the United States (NYC3, plus Cloudflare R2 Eastern North America for managed storage). TalkIDE does not currently offer EU data residency. EU customers who require data to remain within the European Economic Area should wait for EU region support before creating production workloads.


Data retention on project deletion

When a project is deleted, all associated resources are removed immediately and permanently:

  • Kubernetes workloads (pods, services, ingress)
  • Container images in the registry
  • Source code working tree (NFS)
  • Project database (data-plane PostgreSQL schema)
  • Managed storage bucket (Cloudflare R2)

There is no grace period or recovery after deletion. Archive the project first if you may want to restore it later.

Was this page helpful?

Thanks for the feedback.