Overview
Data residency refers to the geographic location where customer data is processed and stored. At Dispel, we prioritize transparency and control, allowing customers to manage their data locations based on their specific requirements. This guide explains how data residency works across different Dispel deployment models: Dispel SaaS, Customer Cloud, and On-Premise deployments.
Dispel SaaS Data Residency
For customers utilizing Dispel SaaS, all data processing occurs through Dispel-managed infrastructure. Our sub-processors are located in the United States, as listed in our official Sub-Processor List. The governance of data protection under Dispel SaaS follows the Dispel Data Protection Addendum, ensuring compliance with industry standards and security best practices.
Key Points:
Dispel SaaS leverages U.S.-based sub-processors.
Data protection is governed by Dispel’s Data Protection Addendum.
Customers can control their data routing preferences through available geographic deployment options.
Customer Cloud & On-Premise Deployments
For Customer Cloud and On-Premise deployments, Dispel does not act as a sub-processor. Instead, the customer maintains full responsibility for data storage, processing, and compliance. This means that all data residency decisions, infrastructure management, and legal obligations fall under the customer's direct control.
Key Points:
Dispel is not a sub-processor in these environments.
The customer assumes full responsibility for data security and residency.
Customers manage their own infrastructure, compliance, and access control.
Learn more about shared responsibility on the Dispel Zero Trust Engine.
Customer-Controlled Data Routing
During daily operations, Dispel allows customers to control where their data routes based on the geographic locations they select for their deployments. Data residency is primarily determined by the following factors:
1. Region Selection
Customers choose a primary geographic region for their SD-WAN deployment.
This decision influences where network services are hosted.
Data does not reside in the network (with the exception of security information and enforcement rules), but will transit through those geographies.
2. Virtual Desktop Geolocation
The Virtual Desktop location is configurable via the Dispel dashboard.
Users can select from available data center locations to optimize performance and compliance needs.
Data during the session is stored at these locations.
3. Wicket Deployment Location
A Wicket serves as an access gateway and its geographic location affects routing policies.
Customers determine where to deploy Wickets based on security and latency preferences.
Data does not reside in the Wicket (with the exception of security information and enforcement rules), but will transit through these locations.
Managing Data Residency in the Dispel Dashboard
To configure data residency settings:
Log into your Dispel Dashboard.
Navigate to Regions > Select or modify the Region for your environment.
Navigate to Stacks > Configure the Virtual Desktop location as needed.
Ensure Wicket deployments align with your data residency and access policies.
By selecting the appropriate geographic regions for these components, customers can effectively manage data residency, latency, and compliance needs.
Summary
Dispel SaaS deployments use U.S.-based sub-processors and follow Dispel’s Data Protection Addendum.
Customer Cloud & On-Premise deployments place full data responsibility on the customer, with Dispel not acting as a sub-processor.
Customers have control over data routing based on Region, Virtual Desktop, and Wicket deployment locations.
Geolocation settings are configurable via the Dispel Dashboard.
For any further inquiries regarding data residency, contact Dispel Support or refer to our legal documentation.