MAESTRO

Data Residency

Last updated: April 8, 2026

Why data residency matters for ECMS

MAESTRO ECMS holds controlled documents, training and qualification records, validation evidence, compliance artifacts, and audit trails that may include personal information about workforce members and, in some configurations, health- or research-related metadata. Many sponsors, institutions, and public-sector bodies therefore require that primary data storage and processing occur in defined jurisdictions — most often Canada for Canadian customers — and that cross-border transfers occur only under documented safeguards.

This page describes typical deployment patterns. Your authoritative commitments appear in your order form, data processing agreement, and security or residency addenda.

Primary region: Canada (typical default)

For customers who select a Canadian deployment, production environments commonly use Amazon Web Services (AWS) region ca-central-1 (Montreal, Quebec) for:

  • Application compute and load-balanced web tiers.
  • Managed relational databases holding structured metadata, permissions, workflow state, and references to stored objects.
  • Object storage for document binaries, attachments, and large exports.
  • Caching and session-oriented stores where used.
  • Encryption keys managed through the cloud provider’s key management service, created in-region where configured.

Keeping these components in a Canadian AWS region supports data sovereignty expectations for customers subject to PIPEDA, provincial private-sector privacy laws, and institutional policies that require Canadian processing.

Categories of data covered

When hosted in a Canadian region as described above, the following categories of customer data generally remain within Canada for primary processing and at-rest storage:

  • Controlled content: SOPs, policies, work instructions, forms, study-facing templates, and version history.
  • Training and competence: Programs, modules, enrollments, completions, acknowledgements, and training matrices.
  • Onboarding: Checklists, task assignments, and evidence tied to HR or contractor onboarding.
  • Validation and quality records: CSV packages, protocols, reports, traceability matrices, and linked attachments.
  • Compliance: Reports, CAPA records, and related documentation stored in the platform.
  • Identity and access: User profiles, role assignments, authentication events (as logged), and administrative configuration.
  • Audit and activity logs: Security-relevant and user-attributable events required for GxP-style accountability.
  • Backups: Database and object-store backups generated for continuity, retained according to policy.

Processing architecture within the region

To meet residency expectations, not only storage but also routine processing should occur in-region:

  • Application servers handling requests run on compute in the selected region.
  • Background workers (for example, report generation, notifications, bulk jobs) execute on compute in the same regional footprint unless your agreement specifies otherwise.
  • Administrative access by RAN BIOLINKS personnel may occur from Canada or other locations under strict access controls; such access is limited to what is needed for support and operations and is itself logged where applicable.

Disaster recovery and backups

High-availability designs typically replicate data across multiple Availability Zones within the same AWS region for fault tolerance. For disaster recovery, encrypted backups may be replicated to another Canadian AWS region (for example, ca-west-1, Calgary) when configured — so customer content does not leave Canada for DR purposes.

Specific RPO (recovery point objective), RTO (recovery time objective), and backup retention are defined in your agreement or service description.

Support, subprocessors, and limited transfers

Like most SaaS providers, RAN BIOLINKS may use subprocessors (for example, for email delivery, ticketing, or monitoring). Subprocessors are required contractually to protect data and to process it only as instructed. Where a subprocessor operates outside Canada, we rely on appropriate safeguards (for example, contractual clauses and technical measures) consistent with applicable law and your agreement.

Customers who require no subprocessors outside Canada, or who need a named subprocessor list and transfer impact assessment, should engage us during procurement so contractual terms can reflect those constraints.

Multi-region and dedicated deployments

Global enterprises may mandate primary hosting in the United States, European Union, United Kingdom, or other regions. RAN BIOLINKS can document a region-specific architecture in the customer agreement, including:

  • Primary and failover regions.
  • Data flows between regions (if any) and legal mechanisms for transfer.
  • Customer-managed encryption keys or dedicated single-tenant instances where required.

Hybrid and customer-managed components

If your architecture integrates MAESTRO ECMS with on-premises systems, third-party eTMF/CTMS platforms, or customer-operated identity providers, data may traverse networks and systems outside RAN BIOLINKS’ direct control. Your organization remains responsible for those flows and for agreements with those vendors.

Questions and attestations

For a residency summary suitable for your vendor risk questionnaire, legal review, or institutional security committee, contact RAN BIOLINKS. We can align written descriptions with your specific subscription, region, and integration design.

Enterprise electronic content & compliance management for life sciences. Built by RAN BIOLINKS CANADA.

© 2026 MAESTRO ECMS by RAN BIOLINKS CANADA. All rights reserved.
