Data residency
Default: Indonesia
By default, all customer data stays in Indonesia. Quantum Elixir's primary region is id-jkt-1 (Jakarta), running in an OJK-recognized Tier IV data center.
This covers:
- All Postgres databases
- All object storage (PDFs, biometric captures, attestations)
- All cache layers
- All audit logs
What never leaves Indonesia
| Data class | Region |
|---|---|
| Customer PII (NIK, name, email, phone) | id-jkt-1 exclusively |
| Biometric capture bundles + embeddings | id-jkt-1 exclusively |
| Source documents (KTP, NPWP, statements) | id-jkt-1 exclusively |
| Audit logs | id-jkt-1 exclusively |
| API request/response logs | id-jkt-1 exclusively |
What may leave Indonesia
| Data class | Region | Why |
|---|---|---|
| Watchlist data (OFAC/UN/EU sanctions) | Sourced from us-iad-1, served from id-jkt-1 | Original lists are US/UN — we proxy daily into ID |
| Software updates | CI/CD originates outside ID | Our build pipeline runs in us-iad-1 |
| Aggregated, anonymized analytics | id-jkt-1; metadata may aggregate to ops dashboards in other regions for SRE | Operational only; no customer-identifiable data crosses borders |
The anonymized analytics path is controllable — set org.opsTelemetry: false to fully isolate.
Multi-region (coming 2026 Q3)
A second region in sg-sin-1 (Singapore) is launching as a hot replica for disaster recovery + lower-latency cross-border access. Customers opt in per-org — opt-in includes a contractual SCC for personal data transfer to Singapore (an "adequate" jurisdiction under UU PDP).
When live:
- Org can choose dataResidency: ID-only (default; nothing in SG) or dataResidency: ID-SG (active-active across regions).
- SAR XML envelopes always stay in ID regardless of org setting.
- Customer can override per-collection if they want PII in ID but webhooks delivered via SG for global egress.
Cross-border data transfer
For customers with operations outside Indonesia, we provide:
- Standard Contractual Clauses (SCC) — EU-aligned template, adapted for Indonesia.
- Adequacy assessment — we can provide our adequacy analysis to your privacy team on request.
- Privacy Impact Assessment (PIA) template — pre-filled for using Quantum Elixir.
Email compliance@quantumelixir.tech for the full DPA package.
What you control
Per-org settings (dashboard → Settings → Data Residency):
| Setting | Effect |
|---|---|
| dataResidency | ID-only (default) · ID-SG (when SG opens) |
| opsTelemetry | Enable / disable aggregated ops telemetry crossing borders |
| webhookEgressRegion | Where outbound webhooks originate from (default id-jkt-1) |
| retentionDays | Customer-tunable retention; per-data-class overrides allowed |
Bank Indonesia / OJK alignment
Our default ID-only posture aligns with:
- BI Reg. 22/23/PBI/2020 — payment system data must reside in ID.
- OJK Reg. 38/POJK.03/2016 — outsourcing of IT requires regulatory notification when data crosses borders.
- UU PDP 27/2022 — data subject + controller transparency requirements.
If your org is regulated under any of the above, you can stay on ID-only indefinitely and be compliant. We'll never silently move data without your explicit toggle.
Be careful about manual exports
Dashboard CSV/JSON exports can be downloaded to wherever your browser sits. If your team operates partly outside Indonesia, set the dashboard's requireSinkRegion: ID policy to block exports from non-ID IPs.
Audit trail of data movement
Every cross-border data transfer (when active-active is on) is audit-logged: source region, destination region, data class, timestamp. Exportable via the dashboard's Audit Log → Data Movement filter.
This audit log is itself stored in id-jkt-1 and never replicated cross-border, by design.
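An added example, not Quantum Elixir code: a check that replays a Data Movement export against the org's dataResidency and opsTelemetry settings and flags records that contradict them. It assumes a JSON Lines export; the field names (source_region, destination_region, data_class, timestamp) and the data-class labels are assumptions, since this page names the four fields but not the export schema.

```python
import json

HOME = "id-jkt-1"
# Classes the page says stay in ID whatever the org setting (labels are assumed).
ALWAYS_ID = {"sar_xml", "audit_log"}
TELEMETRY = "ops_telemetry"  # assumed label for aggregated, anonymized analytics

def find_violations(jsonl, data_residency="ID-only", ops_telemetry=True):
    """Return (line_number, reason) for every record that breaks the org's policy."""
    allowed = {HOME, "sg-sin-1"} if data_residency == "ID-SG" else {HOME}
    findings = []
    for n, line in enumerate(jsonl.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
            dest, cls = rec["destination_region"], rec["data_class"]
        except (ValueError, KeyError, TypeError):
            findings.append((n, "unparseable record"))  # never skip silently
            continue
        if dest == HOME:
            continue  # inbound or in-region movement, e.g. the watchlist proxy
        if cls in ALWAYS_ID:
            findings.append((n, f"{cls} must stay in {HOME}, went to {dest}"))
        elif cls == TELEMETRY:
            if not ops_telemetry:
                findings.append((n, f"telemetry left {HOME} with opsTelemetry off"))
        elif dest not in allowed:
            findings.append((n, f"{cls} sent to {dest} under {data_residency}"))
    return findings

# Constructed sample export, not real product output.
SAMPLE = "\n".join([
    '{"source_region":"us-iad-1","destination_region":"id-jkt-1","data_class":"watchlist","timestamp":"2026-09-01T00:05:00Z"}',
    '{"source_region":"id-jkt-1","destination_region":"sg-sin-1","data_class":"customer_pii","timestamp":"2026-09-01T01:00:00Z"}',
    '{"source_region":"id-jkt-1","destination_region":"sg-sin-1","data_class":"sar_xml","timestamp":"2026-09-01T01:10:00Z"}',
    '{"source_region":"id-jkt-1","destination_region":"us-iad-1","data_class":"ops_telemetry","timestamp":"2026-09-01T02:00:00Z"}',
    '{"source_region":"id-jkt-1","data_class":"customer_pii"}',
])

if __name__ == "__main__":
    for line_no, reason in find_violations(SAMPLE, "ID-SG", ops_telemetry=False):
        print(line_no, reason)
```

Records that cannot be parsed are reported rather than dropped, so a truncated export cannot hide a transfer.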