Trust & Data Residency
Trust & Data Residency
This page explains Saaso's current hosting position, data residency stance, transfer expectations, and the practical consequences for customers who review security, privacy, or procurement requirements before adopting the product.
1. Current hosting model
Saaso currently uses US-only hosting. Customer data is stored and processed in the United States. We do not currently offer EU, EEA, UK, or other non-US data residency options.
If your organization requires data to remain outside the United States, Saaso is not currently a fit for that requirement. We prefer to state that clearly instead of implying regional options that do not exist.
2. What that means in practice
When you use Saaso, personal data and operational workspace data may be transferred to, stored in, and processed in the United States. That may include account records, delegated-user access data, support messages, payment-related records, uploaded files, and feature-specific operational records entered into an active workspace.
This also means Saaso may not satisfy procurement policies that require EU-only hosting, EEA-only hosting, UK-only hosting, or customer-selectable regional data residency. Buyers with strict residency rules should treat the current hosting model as a hard product limitation, not as a negotiable default setting.
3. Security and infrastructure posture
US-only hosting does not mean that data is handled casually. We still use technical and organizational measures intended to protect the service, including access controls, account verification flows, auditability, operational monitoring, and infrastructure protections suitable to the current product structure.
However, data location and information security are not the same question. A customer may accept the security posture of a service and still reject it because the service does not meet a required residency boundary. That is a legitimate procurement outcome, and we treat it as a scope question rather than as confusion.
4. International transfers
Because Saaso uses US-only hosting, personal data may involve international transfers for customers or individuals located outside the United States. Where required by applicable law, we rely on appropriate legal transfer mechanisms or operational safeguards suitable to the service structure and the laws that apply to the transfer.
Customers remain responsible for their own assessment of whether Saaso is appropriate for their legal, regulatory, procurement, or internal policy environment. If you are reviewing cross-border transfer issues, you should read this page together with the Privacy Policy and any contractual documentation that applies to your use case.
5. What we recommend customers ask internally
Before adopting Saaso, customers should confirm whether their team, procurement process, legal team, or regulator requires a specific hosting geography. In particular, ask whether your organization permits software vendors to store and process customer data in the United States, whether backups and support access must stay in a specific region, and whether your internal policy requires a formal transfer mechanism review.
If the answer to those questions is no, it is better to identify that early. Saaso should not be purchased on the assumption that non-US hosting will be added silently later or that a US-only setup can be reclassified as regional hosting through wording alone.
6. How to use this page in reviews
You may use this page as the plain-language summary when a security or procurement review asks where data is stored. The short answer is: Saaso is US-only hosted, and customer data is stored and processed in the United States.
If you need additional clarification for a questionnaire or a legal review, contact us through the public message flow and specify what you need to confirm, such as hosting geography, data residency limitations, or cross-border transfer expectations.