Your data lives in AWS Singapore (ap-southeast-1). Here's what that means in detail, what we do to keep it safe, and the small print about where data may transit during normal operation.
Primary data location
prospiq's production database and application servers run in AWS's Singapore region (ap-southeast-1). All customer data — your account, your saved lists, your search history, your enriched contacts, your billing details — is stored here at rest.
We chose Singapore because:
- It's a stable, well-regulated jurisdiction
- It gives us fast access from both India and the rest of Asia-Pacific
- It's an acceptable transfer destination under both GDPR (via standard contractual clauses) and DPDP
If you have a specific regulatory requirement that needs data to stay in a different region, we can discuss options under a custom plan — contact us.
Encryption
At rest
All customer data in our database is encrypted at rest using AES-256, the standard for production data storage. Our backups are encrypted with the same standard.
In transit
All connections to prospiq are encrypted with TLS 1.2 or higher. We don't support older TLS versions or insecure protocols. API requests, web app connections, and webhook deliveries all use HTTPS.
What's stored where
Your account and product data
User profiles, saved lists, search history, bulk job results, team membership, API keys — all in our primary Singapore database.
Verified enrichment cache
Verified contact data (emails confirmed against mail servers, phone numbers with verified provenance) is stored in our shared verification cache, which lives in the same Singapore region. The cache is not tied to individual customer accounts — it's our internal verification record.
Billing and invoices
Billing records are stored in two places: our financial archive (encrypted, restricted access, retained per Indian tax law), and our payment processor's vault (governed by their own data handling).
Logs and operational telemetry
Application logs and operational metrics are retained for a short window (typically days to a few weeks) for debugging and security purposes, then automatically purged. Logs do not contain enrichment results or customer-stored data.
What happens during normal operation
A few categories of data may transit through other regions briefly during normal operation:
- CDN edge requests. Static assets (CSS, JavaScript, images) are served through a CDN, which means they're cached at edge locations near your users. No customer data is on the CDN — only public static files.
- Email delivery. Transactional emails we send you (sign-up confirmations, password resets, billing notifications) are delivered through our email infrastructure provider, which routes through global SMTP relays. These emails don't contain enriched contact data, only account-related notifications.
- DNS and TLS handshakes. Standard internet operation. No data content involved.
None of these involve customer-stored contact data leaving Singapore.
Backups and disaster recovery
- Automated daily backups, retained for 30 days
- Point-in-time recovery available for the last 7 days
- Backups encrypted with the same standard as production data
- Tested restoration procedure verified periodically
Access controls
- Production database access is restricted to a small number of named engineers
- All production access is logged and auditable
- No customer data is accessed by humans during normal operation — only during a specific incident, customer support request, or scheduled maintenance, and only with logged justification
- Production credentials are rotated on a schedule and immediately on any personnel change
What we don't do
- We don't replicate data to additional regions unless we tell you
- We don't store data on personal laptops or unsecured locations
- We don't use customer data for analytics that surface specific customer behavior to other customers
- We don't sell your data, ever, to anyone