This document explains when data residency is enforced in each location where Model Armor is available. Data residency lets you specify a geographic region where your data is stored and processed, which helps ensure that your data remains in that location. Model Armor helps provide control over where your data is handled, supporting compliance with various regulations.
Model Armor processes the following types of data:
Core data: The primary data that Model Armor processes, most relevant to data residency, which includes prompts, responses, and input files.
Configuration data: Template and floor setting configurations such as rules, filters, and thresholds that Model Armor uses to scan prompts and responses.
How and when data residency is enforced
When you enable data residency for Model Armor, it helps ensure that data remains within a specified location while in at least one of the following states:
At rest: Data is at rest when it is committed to persistent storage.
In use: Data is in use when it is in memory.
In transit: Data is in transit when the data is entering or exiting Google's network perimeter—for example, at the Google Front End (GFE)—and is encrypted with Transport Layer Security (TLS).
The following table indicates when data residency controls are enforced for each region.
| Region | At rest | In use | In transit |
|---|---|---|---|
us-central1 |
Yes | Yes | Yes |
us-east1 |
Yes | Yes | Yes |
us-east4 |
Yes | Yes | Yes |
us-west1 |
Yes | Yes | Yes |
europe-west1 |
Yes | Yes | Yes |
europe-west2 |
Yes | No | No |
europe-west3 |
Yes | Yes | Yes |
europe-west4 |
Yes | Yes | Yes |
asia-south1 |
Yes | No | No |
asia-southeast1 |
Yes | No | No |
Regional endpoints
Regional endpoints provide access to resources in a specific location. When you use a regional endpoint, your request is routed directly to the endpoint's location. You can't use a regional endpoint to access resources in other locations.
Using a regional endpoint helps you enforce data residency controls for your resources when they're at rest, in use, and in transit. Each regional endpoint uses the following format:
modelarmor.LOCATION.rep.googleapis.com
Replace LOCATION with a supported location. For supported
locations, see Locations.