Data that stays where the law says it stays.
GDPR doesn't care about your replication topology. Personal data leaves the region only when you say it does.
Most managed databases replicate globally by default and require careful configuration to constrain. The cost of a mistake is regulatory.
Capabilities that map directly to the pain.
Region pinning
Tenant-level region affinity. Data physically stays in the assigned region.
Cross-border controls
Replication policies expressed as data, auditable in version control.
Right-to-erasure tooling
Subject access requests resolved against the event log, not best-effort.
DPA ready
Data Processing Agreement and Standard Contractual Clauses available.
The architectural decisions that matter here.
Provable residency
Cryptographic attestation that no event left the region.
Want to see this running on your data?
An audit log your auditor can actually use.
SOX, MiFID II, and SEC Rule 17a-4 all demand the same thing: immutable, reproducible, time-stamped records. CortexDB stores data that way by design.
PHI handling that survives a BAA review.
Patient data needs encryption, scoped access, and an audit trail granular enough to answer "who saw what, when?"
Air-gap friendly. Telemetry-free.
FedRAMP, IL5, and classified environments don't tolerate phone-home telemetry or unsigned dependencies. CortexDB ships without either.