We now offer two data zones: EU and US. Here's why it matters.

Last month, a prospect asked: “Where does our data live?”

We had the answer. But it made us realize something. For many companies, that question isn’t curiosity. It’s a requirement. Legal needs to know. Security policy demands it. Customers expect it.

So we built what should have existed from day one.

Two zones, one choice

When you sign up for DMARCTrust, you now pick your data region:

• EU (eu-west): Data stored and processed in the European Union
• US (us-east): Data stored and processed in the United States

That’s it. One click, made once, honored forever. Your DMARC reports, aggregate statistics, DNS monitoring data, and account information all stay in the region you chose.

No hidden transfers. No fine print about “processing partners” in other jurisdictions. Your data lives where you decided it should live.

Why this matters

You might think data residency is just a checkbox for enterprise sales. It’s not.

GDPR and the transfer question

If you’re a European company, GDPR makes cross-border data transfers complicated. The Schrems II decision invalidated Privacy Shield. Standard Contractual Clauses require additional safeguards. The legal situation keeps changing.

The simplest solution? Keep EU data in the EU. No transfer, no problem.

Our EU zone runs entirely within the European Union. Your DMARC reports never cross the Atlantic. Your compliance team can close that ticket and move on.

US data sovereignty

American companies face their own pressures. Government contracts often require US-only data storage. Industry regulations demand it. Internal security policies mandate it.

Our US zone gives you that guarantee. Data stays on American infrastructure, subject to American jurisdiction.

The vendor questionnaire reality

Every enterprise deal comes with a security questionnaire. “Where is data stored?” appears on every single one.

With DMARCTrust, you can answer with a specific region code. Not “cloud infrastructure” or “various locations.” Just: eu-west or us-east.

How it works

The choice happens once, at the moment you create your account.

Before you enter your email or connect with Google, you’ll see two options. Pick your region. Continue with signup. Done.

We detect your likely preference based on your location, but the choice is always yours. A German company with US subsidiaries might want the US zone. An American startup serving European customers might prefer the EU.

Your business. Your decision.

Can I change it later?

Yes. Go to Settings and select a new region. Migration completes within one week.

That said, we recommend picking the right region upfront. Data residency shouldn’t be something that changes frequently.

Eating our own cooking

We tell customers to take email security seriously. Implement DMARC properly. Enforce policies. Monitor continuously.

It would be hypocritical to ignore compliance ourselves.

Data residency is part of that philosophy. If we’re asking you to trust us with your DMARC reports (which contain information about every email sent from your domain), you should control where that data lives.

This isn’t a premium feature. Every DMARCTrust account, including free ones, gets to choose their data zone. Compliance shouldn’t be a luxury.

What this means for existing customers

If you signed up before this feature launched, your data is in our EU zone by default.

To switch regions, go to Settings and select your preferred zone. Migration happens automatically.

Technical details

For those filling out vendor questionnaires:

The EU zone (eu-west) uses infrastructure hosted within EU member states. Data processing occurs entirely within EU jurisdiction, which makes it compliant with GDPR data localization requirements. There are no transfers to third countries for core service functionality.

The US zone (us-east) uses infrastructure hosted in the United States. Data processing occurs entirely within US jurisdiction, which makes it suitable for FedRAMP-adjacent requirements. There are no transfers outside the US for core service functionality.

Both zones use identical security controls: encrypted storage, encrypted transit, regular backups, access logging, and the same monitoring we’ve always had.

Please note that we are using Cloudflare in front of our servers, as explained in our Privacy Policy.

The only difference is geography.

Why we didn’t charge extra

Some vendors treat data residency as a premium feature. Pay more, get compliance. We think that’s backwards. If you’re trusting us with your email security data, you deserve to know where it lives. That’s table stakes, not an upsell.

Every plan, including the free tier, includes data zone selection. We hope that it will solve a few pain points on your end!

Get started

Every business needs DMARC monitoring. Now you can have it with data residency that satisfies your compliance team. Not sure where to start? Check your domain’s current status first.

Create your account, pick your region, and start monitoring your domains. The data zone selector appears before you enter any information, so you know exactly where your data will live from the start.

Already have an account? Change your region in Settings. Please note that a technical delay might be necessary to complete the migration.