Abundly is built on enterprise-grade cloud infrastructure with security and compliance at its foundation. All data is stored in EU data centers, encrypted at rest and in transit, and protected by comprehensive access controls. This page provides the technical details enterprise security teams need.
Data residency All customer data is stored in EU data centers, specifically in Stockholm, Sweden:
Component Location Database AWS eu-north-1 (Stockholm) Agent Service GCP europe-north2 (Stockholm) File Storage GCP europe-north2 (Stockholm) Task Queue GCP europe-north2 (Stockholm)
EU data residency ensures compliance with GDPR and other European data protection regulations. Data does not leave the EU.
Encryption Type Standard At rest AES-256 encryption for all stored data In transit TLS 1.2+ / HTTPS for all communication Secrets RSA-OAEP with SHA-256 (see Credentials )
All communication between components is encrypted. HTTPS is enforced for all endpoints.
Compliance status Standard Status Notes GDPR Compliant EU data residency in Stockholm Data Encryption Met AES-256 at rest, TLS 1.2+ in transit Access Controls Comprehensive Role-based permissions SOC 2 Type II Planned Certification in progress ISO 27001 Evaluation Under consideration
Audit trails Every agent action is logged with complete context:
Field Description Timestamp When the action occurred Actor Which agent performed the action Trigger What initiated the action (email, schedule, chat, etc.) Plan What the agent intended to do Execution What tools were called and what happened Result The outcome of the action
Audit logs are immutable and cannot be modified or deleted after creation.
You can access audit information through:
Activity log — Real-time and historical view of agent actions with full detailsAgent diary — High-level summary of what each agent has been doing
See Activity Monitoring for details on using these tools.
Data retention Data Type Retention Account Information While account active; deleted within 30 days of account deletion User Content Retained to provide services; deleted within 30 days after deletion Log Data Up to 90 days for security and troubleshooting Usage Data Anonymized data may be retained for analytics Backups Data may remain in backups up to 9 months
System architecture The platform is built on cloud-native infrastructure:
Component Technology Location Web Portal Vercel, Next.js/React Vercel Edge Network Agent Service Google Cloud Run, Node.js GCP europe-north2 Database MongoDB Atlas AWS eu-north-1 Task Queue Google Cloud Tasks GCP europe-north2 File Storage Google Cloud Storage GCP europe-north2
Availability and disaster recovery Feature Implementation Cloud-native resilience Automatic failover via Vercel and GCP Automated backups Daily with point-in-time recovery Backup retention 9 months with cross-region replication Health monitoring Continuous monitoring with alerting RTO (Recovery Time) 24 hours for critical services
We maintain a documented Disaster Recovery Plan covering database recovery, secrets restoration, and service continuity.
Security monitoring Activity Approach Infrastructure monitoring Automated via GCP, MongoDB Atlas, Vercel Alert configuration Email notifications to technical team Active monitoring Daily dashboard review Incident response Critical alerts within 1 hour (business hours) Penetration testing Annual third-party testing
Legal documentation Enterprise compliance For enterprise customers, we can provide:
Custom data retention policies
Dedicated compliance documentation
Audit support and reports
Custom DPA terms
Contact Us Need custom compliance arrangements? Contact our team.
