For regulated buyers, where your data lives is a first-class control, not a footnote. Aona keeps your Workforce AI Security data resident in your own region across 7 live regions. Your prompts, file uploads, and audit logs stay in-country, so data residency becomes a reason to say yes, not a blocker in your security review.
Pick a region and your AI usage data, prompts, and audit logs stay there. Each region keeps your data resident in-country.
| Region | Data stays in | Best for |
|---|---|---|
| Australia (Sydney) | Australia | Australian financial services, government, and regulated mid-market. |
| France (Paris) | France (EU) | French and EU organisations with GDPR data-residency requirements. |
| United Kingdom (London) | United Kingdom | UK financial services, legal, insurance, and public sector. |
| Germany (Frankfurt) | Germany (EU) | German buyers with data-sovereignty and GDPR expectations. |
| United States (Central) | United States | US-headquartered organisations that need data kept onshore. |
| Singapore | Singapore | APAC organisations subject to Singapore PDPA and regional policy. |
| Hong Kong | Hong Kong | Hong Kong financial services and APAC regulated buyers. |
Data stays in: Australia
Best for: Australian financial services, government, and regulated mid-market.
Data stays in: France (EU)
Best for: French and EU organisations with GDPR data-residency requirements.
Data stays in: United Kingdom
Best for: UK financial services, legal, insurance, and public sector.
Data stays in: Germany (EU)
Best for: German buyers with data-sovereignty and GDPR expectations.
Data stays in: United States
Best for: US-headquartered organisations that need data kept onshore.
Data stays in: Singapore
Best for: APAC organisations subject to Singapore PDPA and regional policy.
Data stays in: Hong Kong
Best for: Hong Kong financial services and APAC regulated buyers.
In every region, your AI usage data, prompts, and audit logs stay in that region.
Regulated mid-market buyers in financial services, legal, insurance, government, and healthcare are the ones asking these questions first. A clear in-country answer moves the security review forward.
GDPR expects personal data processed by EU organisations to stay within an appropriate region, and German buyers add their own data-sovereignty expectations on top.
UK organisations, especially in financial services and the public sector, increasingly require data to remain in the UK rather than the wider EU.
APAC buyers face a patchwork of local data-protection regimes, so a regional answer matters for procurement and regulator conversations.
Aona deploys regional infrastructure for each region, so your data is processed and stored in-country from the moment you go live.
At the start of your deployment you select the region your organisation needs. That choice sets where your data is processed and stored.
Aona runs dedicated regional cloud infrastructure per region, with in-country data storage. Your data is processed and stored in that region.
Your prompts, file-upload content, audit logs, and policy data stay resident in your region. Data retention is configurable per customer.
Everything Aona captures to govern AI use stays in the region you select.
The text employees send to AI tools, and the model responses captured for governance, stay in your region.
Documents and files employees upload to AI tools, and the content extracted from them, are stored in-region.
The full record of AI usage, policy events, and security alerts your team relies on for evidence stays in-region.
The data classifiers, policies, and configuration that drive enforcement are held in your region alongside the events they govern.
Start your free 90-day trial and choose the region your organisation needs. In-country data residency across 7 live regions, SOC 2 Type II certified.