Data Residency

All invoice data, signed XML, and cryptographic material used by Esnad are stored and processed within AWS Middle East regions. No data is transferred to or processed in regions outside the GCC for the purpose of providing the Esnad API.

Regions used

• AWS me-south-1 (Bahrain) — Primary: application, database (RDS), signed XML storage (S3), secrets (Secrets Manager).
• AWS me-central-1 (UAE) — Optional for redundancy or failover; same data residency guarantees.

What we store where

• Signed XML — Encrypted at rest in S3, retained for 6 years per ZATCA Article 66.
• Private keys — Stored only in AWS Secrets Manager in the same region; never in application databases or logs.
• Invoice and account data — Stored in RDS (MySQL) in the chosen region, encrypted at rest.

We do not replicate your invoice or key material to regions outside the Middle East. We issue our own subscription invoices through Esnad; our billing data is subject to the same residency rules.