Tóg MarketplaceBack to the marketplace
All legal documents

Data residency

Where your data is stored, why we host in the European Union, and what that means whether your business is in the EU or outside it.

Effective
19 June 2026
Version
v1.0

Your data is stored in the EU

EU by default

Our primary database — Cloud Firestore — runs in the eur3 European Union multi-region. This is where your tenant account data and the end-shopper data your plugins collect (loyalty members, reviews, bookings) are stored.

The specifics:

  • Database (Cloud Firestore): European Union (eur3 multi-region) — the system of record for account data, plugin configuration, and plugin-collected end-shopper data.
  • Authentication (Firebase Authentication) and file storage (Cloud Storage): Google Cloud. [OWNER: Confirm the configured region for Firebase Authentication and Cloud Storage and state it precisely (Firestore is eur3/EU; confirm Auth and Storage location)]
  • Tóg-paid AI (Google Vertex AI): the EU region (europe-west1 by default) when the Vertex model path is used — see the AI Data Handling page.

If your business is in the EU/EEA

Your primary data is stored within the EU, which supports your own GDPR obligations. Where we (or a feature you enable) send data to a sub-processor established outside the EU/EEA, that is an international transfer handled under appropriate safeguards — see International transfers below.

If your business is outside the EU

We host in the EU regardless of where your business is based. That means that even if your business is outside the EU, your data (and your customers’ data) resides in the European Union on our primary store. We disclose this clearly because:

  • it is generally a benefit — your data sits under a strong data-protection regime, and it is well placed if you serve EU customers;
  • but some businesses have their own data-localisation requirements, so you should confirm that EU storage is acceptable for your situation before you rely on the service.

If you have a specific data-location requirement, contact us at support@togs.ie before onboarding.

International transfers

Some of our sub-processors are established in the United States — our hosting and AI gateway provider (Vercel), our payment processor (Stripe), the AI model providers (OpenAI, Anthropic) when AI-chat is used, our email provider (Resend), and Twilio where a tenant enables SMS. When data is sent to one of these, it leaves the EU/EEA — an international transfer.

These transfers are intended to be governed by the appropriate GDPR safeguards. [OWNER: Confirm reliance on the EU Standard Contractual Clauses (and the UK Addendum / Swiss adequacy if relevant) for the US sub-processors, who the signatory is, and reference them in the DPA]

The complete, dated list of sub-processors — including each one’s region — is on the Sub-processors page, and the transfer mechanics are set out in our Data Processing Addendum.

A note on payment data

Payment card details are entered with and held by Stripe, our payment processor — Tóg never receives or stores card numbers. Card data is therefore handled in Stripe’s environment under Stripe’s own certifications and regions, not in our database.

Questions about this document? Email support@togs.ie.