Where your documents are physically stored matters. For some teams, it is a compliance requirement – GDPR, or data residency rules for healthcare, legal, or financial records. For others, it is about keeping data close to reduce latency.
Until now, all Instafill.ai data was stored in the United States. Starting today, you can choose the country your data is stored in from a list of 11 regions, all running on Microsoft Azure. Pick a country when you sign up, and the documents and form data for your organization are kept in a data center in that region. The same encryption, the same access controls, the same product – just located where you need it to be.
How it works
When you create your account on Instafill.ai, you can now choose where your data should be stored. The choice applies to your entire organization. By default, we select the region that matches your location – so a user in Canada sees Canada already selected when they reach the welcome screen. If your country does not have a dedicated region yet, the United States is used as the default. Either way, you can pick a different country from the dropdown before continuing. Each region shows its physical location and compliance details, so you know exactly what you are choosing.
The region is set once, when your account is created, and you can see it any time under Organization settings → General. Your data stays in that region from that point on.
The 11 regions
All regions run on Microsoft Azure. Here is the full list, where each one physically lives, and the compliance certifications it carries:
| Region | Physical location | Compliance |
|---|---|---|
| United States (default) | San Antonio, Texas | HIPAA, PCI DSS, SOC 1/2/3, ISO 27001, FedRAMP |
| Germany | Frankfurt am Main, Hessen | GDPR, BSI C5, ISO 27001, SOC 1/2/3, HIPAA, PCI DSS |
| France | Île-de-France (Paris metro) | GDPR, HDS (Health Data Hosting), ISO 27001, SOC 1/2/3, PCI DSS |
| Italy | Settala (Milan metro), Lombardy | GDPR, ISO 27001, SOC 1/2/3, PCI DSS |
| West Europe | Middenmeer, Noord-Holland, Netherlands | GDPR, ISO 27001, SOC 1/2/3, HIPAA, PCI DSS |
| United Kingdom | London (Docklands area) | UK G-Cloud, GDPR, ISO 27001, SOC 1/2/3, HIPAA, PCI DSS |
| Canada | Etobicoke, Toronto, Ontario | PIPEDA, CCCS Medium, ISO 27001, SOC 1/2/3, HIPAA, PCI DSS |
| Australia | Kemps Creek / Seven Hills, Sydney, NSW | IRAP, ISO 27001, SOC 1/2/3, HIPAA, PCI DSS |
| Mexico | Querétaro State | ISO 27001, SOC 1/2/3, PCI DSS |
| UAE | Dubai | ISO 27001, SOC 1/2/3, PCI DSS, Dubai Electronic Security Center |
| Israel | Modi’in Technology Park (between Tel Aviv and Jerusalem) | ISO 27001, SOC 1/2/3, PCI DSS |
A stronger compliance footing
Choosing a region does more than set a location – it puts your data on infrastructure that carries that region’s compliance certifications, listed in the table above and shown in full the moment you select a region. Those certifications cover the data centers, encryption, and operational controls your data runs on. They support your own compliance work – GDPR, HIPAA, and the rest – but do not replace it.
The same security in every region
There is no security trade-off in choosing a region outside the US. Every region is set up to an identical baseline:
- Data stays in your region. Storage is not replicated to any other geography – your documents do not leave the country you chose.
- Encrypted at rest. Infrastructure-level encryption is enabled on every account, on top of standard storage encryption.
- No public access. Anonymous and public access is fully disabled, and storage is locked behind a firewall that only allows our own services.
- TLS 1.2, HTTPS-only, with recovery. All traffic is encrypted in transit, and soft-delete plus versioning protect against accidental loss. Access keys are held in a secured key vault.
One transparency note: the only thing kept in the US default region is blank, reusable form templates. These are shared across accounts and never contain personal data. Anything that can include your information – source files, filled forms, extracted data – is stored in your chosen region.
Where your data is stored is one of several controls you have over your information. You can also choose where your data is processed – pinning AI operations to a single provider at the organization level, including a HIPAA-eligible Azure-only path – and decide how long files are kept with automatic data cleanup.
Interesting facts
Since we added this option, more than 90% of users outside the United States have moved their data to a region in their own country. A smaller number of US-based users have moved their data to another region, too.
If your account already exists
Existing organizations stay in the United States region, where your data already lives. If you would prefer your data in another region, we can migrate it for you – it is a one-time move we run on our side. To request a different region, contact us at [email protected] and let us know which one.
Frequently asked questions
Can I change my region later?
Yes. The region can’t be changed from the dashboard, but we can move it for you. Contact [email protected] with the region you want, and we will physically migrate your data to it – a one-time move we run on our side.
How do I see which region I’m in right now?
Open https://instafill.ai/settings/organization/general. Your current region and its details are shown there.
Can I use different regions for different workspaces?
No. The region is chosen at the organization level and applies to every workspace, member, and document in your organization.
Do I have to pay extra to choose a region?
No. Choosing your storage region is available to every user at no additional cost.
Is Microsoft Azure secure?
Yes. Every region runs on Microsoft Azure, one of the most heavily audited cloud platforms in the world. Each data center is independently certified against broad standards like ISO 27001 and SOC 1/2/3, and many regions add certifications tied to local rules – GDPR and BSI C5 in Germany, HDS for health data in France, PIPEDA in Canada, HIPAA across several regions, FedRAMP in the US. Those audits cover the physical buildings, the encryption, and the day-to-day operational controls your data sits on, which is why we can offer the same security baseline everywhere rather than building it region by region ourselves.
My region isn’t in the list – can you add it?
Write to us with the country you need. As long as Microsoft Azure runs a data center there, we can include it in an upcoming update. You can check coverage on the official Azure global infrastructure list.