Data Residency Policy

Last updated: February 2026

Digitillis is designed to give manufacturing customers full control over where their operational data lives. Your process data is your competitive asset. We offer three distinct deployment models so that every customer can choose the residency arrangement that fits their regulatory requirements, security posture, and operational context.

1. What Data We Process

Digitillis processes the following categories of operational data:

  • Sensor readings: Time-series values from equipment sensors (temperature, vibration, pressure, current, flow, etc.) transmitted from your OT environment.
  • Equipment metadata: Asset identifiers, equipment type, operating parameters, maintenance history, and manufacturer specifications.
  • Prediction outputs: Model inference results including remaining useful life estimates, anomaly scores, quality predictions, and prescriptive recommendations.
  • User activity logs: Actions taken in the platform interface, ARIA queries, approvals, and alert responses. These are tied to user accounts, not to individual employees on the shop floor.

Digitillis does not collect, store, or process personally identifiable information (PII) from the factory floor. Worker identities, biometric data, and personal production performance records are outside the scope of what the platform handles.

2. Deployment Options and Data Location

Customers choose their deployment model at onboarding. Each model has different data residency characteristics.

(a) SaaS: Digitillis-managed cloud

Data is stored in Digitillis-managed infrastructure on Amazon Web Services. Customers choose their primary region at signup:

  • us-east-1: North America primary region
  • eu-west-1: Europe primary region (GDPR-appropriate)

Data is not replicated across regions without customer consent. Backup retention and disaster recovery occur within the selected region.

(b) On-premise: Customer datacenter

The full Digitillis platform (database, inference engine, API layer, and dashboards) deploys into the customer's own infrastructure. All data remains within the customer datacenter. Zero data egress to Digitillis systems. Digitillis has no access to customer data in this configuration. Model updates are delivered as signed artifact packages, not live connections.

(c) Private cloud — Customer AWS or Azure tenant

Digitillis deploys into a VPC or virtual network owned and controlled by the customer within their own AWS or Azure account. All data remains in the customer's cloud tenant. Digitillis engineers have no access to customer data or cloud resources. This option is available on Enterprise plans.

3. Data Isolation and Security Controls

In SaaS deployments, Digitillis enforces strict tenant isolation:

  • Schema-per-tenant isolation: Each customer's data lives in a dedicated PostgreSQL schema. No shared tables, no cross-tenant queries possible at the database level.
  • Encryption at rest: All data at rest is encrypted using AES-256. Encryption keys are managed per-tenant and rotated annually.
  • Encryption in transit: All data in transit is protected by TLS 1.3. Older TLS versions are disabled.
  • No cross-tenant queries: The application layer enforces tenant context on every database query. Cross-tenant data access is architecturally impossible, not just policy-prohibited.
  • Access control: Role-based permissions (admin, operator, viewer) scoped to tenant. Multi-factor authentication available on all plans. SSO integration available on Professional and Enterprise.

4. Data Deletion and Purge

Customers retain the right to request deletion of their data at any time. Our commitments:

  • Deletion SLA: Customer data is deleted from all live systems within 30 days of a verified deletion request.
  • Backup purge: Encrypted backups containing customer data are purged on a rolling schedule not to exceed 90 days from the deletion request date.
  • Contract end: On contract termination, data deletion is initiated automatically within 30 days unless the customer requests an export first. Export is provided in CSV and JSON formats.
  • Deletion audit trail: A cryptographically signed record of the deletion event is provided to the customer upon completion.

5. Contact

For data residency questions, deployment architecture reviews, or deletion requests, please use our contact form.