Overview
The overall goal of data residency (formerly called data locality) in Webex App is to keep user data in regional data centers corresponding to the organization's location. This offering is available for new customers and provides the following high-level functionality:
-
Your users have a single identity stored in your organization's geographic region. The identity service in your organization's geographic region handles client authentication requests.
Your users can continue to meet with, message, and call users in other organizations across the globe without the need for separate accounts in foreign clusters. This means that Webex App does not proliferate extra personally identifiable information.
-
Encryption keys for your users are created and stored in your organization's geographic region, and the key management service (KMS) in your region handles requests for the keys to encrypt and decrypt spaces, messages, and content in Webex App.
-
Encrypted user-generated content (meetings, messages, whiteboards, files and related metadata) is stored in the organization's geographic region in Europe.
-
We store data about your organization, such as verified domains, preferences, and security settings, in your geographic region.
-
Partners in one region can create customer organizations in any region.
-
Hybrid Data Security is now supported for organizations in the European region.
Hybrid Data Security allows organizations to bring encryption key management and other security-related functions into their own premises data centers.
-
Hybrid Calling for Webex Devices is now supported for organizations in the European region.
Hybrid Calling for Webex Devices provides on-premises Unified CM calling capabilities to Cisco Webex Room, Desk and Webex Board devices that are registered to the cloud.
-
Webex Video Mesh is now supported for organizations in the European region.
- Webex Meetings, Calling and User Identities services can now be provisioned within the country for Canadian customers.
How We Determine the Data Residency Region
Messaging Data Residency
During provisioning, the administrator who sets up an organization sees a Country Selector drop-down menu in Control Hub. We determine the geographic region in which the organization's data resides based on the selected country. When you create a trial and select a country that maps to the European region, the organization's user-generated content is stored in the region as well as the user identities and encryption keys.
To determine which region a country maps to, you can download the following Microsoft Excel file and select the country name from the drop-down menu: https://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/cloudCollaboration/wbxt/datalocality/CountryCodeGEOmapping.xlsx (The file begins to download immediately when you access the link.)
For Webex Messaging data residency, we added a European geography (GEO) with data centers in Frankfurt and Amsterdam. The existing data centers in the United States of America continue to serve North America and the "Rest of the World" (RoW).

Meetings Data Residency
Meetings data is stored in a data center based on the time zone that you select for a Webex Meetings site during provisioning. For example, if you select a time zone from one of the European Union cities, then the Meetings data will reside in the data center in Frankfurt. Meetings data for other time zones outside of the European Union will reside in whichever data center is closest to the selected city.
At Cisco, we're committed to the protection and privacy of our customers’ data and personal information. The additional new data centers in Toronto, Canada and Frankfurt, Germany are part of this effort and complement existing data centers in the region, providing additional opportunities to host data in the EU and Canada. Starting July 2021, new Webex customers from Europe will be provisioned to the data center in EU. Starting July 2022, new Webex customers from Canada will be provisioned to the data center in Canada. We also have a migration plan in place to provide existing customers with more flexibility, and to manage the data migration to your region. |
To view the current list of Webex Meetings data centers, see: Where are the Webex Data Centers and iPOP Locations?
Data Sharing, Processing, and Storage
The following tables describe how data is shared, processed, and stored in various scenarios. Because Webex App enables collaboration amongst users in multiple organizations, the rules for storage and processing depend in some cases on the type of collaboration, and whether you enable communication with other organizations.
In each table, the following designations are used for data residency:
Global—Data may be handled at a Cisco data center in any location.
Limited—Data resides in the organization's geographic region, but copies may be created or processed in other regions as needed.
Restricted—Data resides in the organization's geographic region.
In addition to sharing, processing, and storage, for each of these activities we use certain data for the purposes of logging and auditing. This data is handled as global and includes some service and user information to help generate business metrics and usage metrics. The data stored and managed in these centralized components is governed by the Cisco Corporate Information Security guidelines, which require strict adherence related to sharing with third parties, retention, and documentation of this data.
Scenario | Data Involved | Shared With | Processing | Storage |
---|---|---|---|---|
Create a new customer organization. | Data collected or generated to manage a customer account, including administrative email addresses, organization id, claimed domains associated billing information | Cisco, partner | ![]() Global | ![]() Global |
Use and manage a customer organization; add licensed services. | Operational data such as organization settings, subscription history, product catalog, usage data, analytics, stored CSV files | Cisco, partner, administrators | ![]() Global | ![]() Global |
Create a new user. | Universally unique identifier (UUID) | — | ![]() Global | ![]() Global |
Scenario | Data Involved | Shared With | Processing | Storage |
---|---|---|---|---|
Sign in to user account. | OAuth token | Identity service | ![]() Limited | ![]() Restricted |
Password | Identity service | ![]() Restricted | ![]() Restricted | |
Configure and use the Webex App app. | Data such as mobile device ID, device name, IP address; settings such as time zone and locale; personal directory data such as first name, last name, avatar, phone number | Organization and partner administrators | ![]() Global | ![]() Restricted |
Personal directory data such as first name, last name, avatar, phone number | Other users in the organization, or an external organization in the same region | ![]() Restricted | ![]() Restricted | |
Users from an external organization in a different region* | ![]() Limited | ![]() Restricted |
* Use Control Hub to block communication with external organizations to prevent this scenario. This blocks communication with all external organizations.
Scenario | Data Involved | Shared With | Processing | Storage |
---|---|---|---|---|
Send a message or file, create a space, flag messages. | User-generated content | Compliance officers | ![]() Restricted | ![]() Restricted (based on space owner's region—see Space Ownership and Content Storage Region) |
Other users in the organization, or an external organization in the same region | ![]() Restricted | ![]() Restricted | ||
Users from an external organization in a different region* | ![]() Limited | ![]() Limited | ||
Encryption keys | Other users in the organization, or an external organization in the same region | ![]() Restricted | ![]() Restricted | |
Users from an external organization in a different region* | ![]() Limited | ![]() Restricted (keys are not stored outside the region) | ||
Search indexes and derived metadata required to operate the service without "leaking" user-generated content or personally identifiable information outside of the region. | — | ![]() Limited | ![]() Limited | |
Share real-time media. | Voice, video, content share | Other users in the organization, or an external organization in the same region | ![]() Restricted | ![]() Restricted |
Users from an external organization in a different region | ![]() Limited | ![]() Limited | ||
Record a meeting. | Meeting recordings stored in Webex Meetings | — | ![]() Restricted (meeting host's region) | ![]() Restricted (meeting host's region) |
Create a whiteboard. | Whiteboard content (whiteboards between organizations are co-owned) | Other users in the organization, or an external organization in the same region | ![]() Restricted | ![]() Restricted |
Users from an external organization in a different region* | ![]() Limited | ![]() Limited |
* Use Control Hub to block communication with external organizations to prevent this scenario. This blocks communication with all external organizations.
Entity | Data Involved | Shared With | Processing | Storage |
---|---|---|---|---|
Calendar environment integration | Calendar meetings and events, some personally identifiable information | Membership of all spaces (within the user's organization) | ![]() Limited | ![]() Limited |
Developer APIs | API services for developers – transparent look-up and re-direct to the appropriate region's services. | Global look-up In-region processing | Depends on the rules of the content (as listed in previous tables) and the APIs supporting it | Depends on the rules of the content (as listed in previous tables) and the APIs supporting it |
Space Ownership and Content Storage Region
We store content in the region of the organization that owns the space where the content appears. Ownership depends on the type of space:
-
Group space—The owner is generally the organization of the person who created the space. We store content in the region of the owner organization.
-
Space within a team—The organization of the person who created the team owns spaces created within the team. Spaces created outside of the team and then moved into the team retain their original ownership. We store content in the region of the space owner organization.
-
Conversation between two people (nongroup space)—If the people are in different organizations, each organization owns the content that its user posts. If the conversation includes a user from the North America/RoW GEO, we store the conversation content in the North America/RoW GEO.
-
Space created by a bot—We assign ownership to the organization of the first non-bot participant and store the content in the region of the owner organization.
Frequently Asked Questions for Data Residency
Why am I seeing a Country Selector during the organization provisioning process?
Cisco Webex is excited to provide customers the ability to localize certain Webex App data within “geo-based” data centers. In this Phase 1, data localization is available for an end customer’s organization, user identities, and encryption keys. In Phase 1, user-generated content (encrypted messages, boards, files and related metadata) continues to be stored in a common, global storage for all organizations. Future phases will include data localization for user-generated content (messages, files, whiteboards). Note that Webex Meetings sites can be managed through any such organization and recordings are still associated with the meetings site cluster.
In the future, we plan to release European content storage for new organizations before we support content migration (from common global storage to Europe) for existing organizations. For this reason, if user-generated content storage in the European GEO is a high-priority requirement for the organization, and you can wait to deploy a new organization until European content storage is available, we recommend waiting. |
Cisco Webex is excited to provide customers the ability to localize certain Webex App data within “geo-based” data centers. During provisioning, the Country Selector determines which region will store a new customer organization's data. This includes organization identity, users' personal identities, encryption keys, and user-generated content (encrypted messages, boards, files, and related metadata).
Note that Webex Meetings sites can be managed through any such organization and recordings are still associated with the meetings site cluster.
Which GEO locations are currently supported for Webex Messaging?
We introduced the following locations, with the intention of expanding to more later:
-
Europe—Hosted in the data centers in Frankfurt and Amsterdam. This region is mapped to countries in Europe, the Middle East, Africa and Russia (EMEAR).
-
North America and Rest of the World (RoW)—Hosted in data centers in the United States.
What is the recommendation when selecting a country for the GEO location?
A customer’s organization data is created and maintained in the GEO location where the Webex App service is provisioned. During provisioning, the administrator will see a new option for selecting a country from a drop-down menu. This action permanently sets the GEO location for the organization’s users and encryption keys.
When selecting the country for an organization, consider the following recommendations:
-
If the organization's users are primarily based in one country, select that country, even if it doesn't match the business address of the organization. This will improve the user experience and minimize latency by utilizing storage in the data centers closest to the users.
-
If the users are spread across multiple countries, select the country that has the highest user count. Keep in mind that all of the organization's users will have their data stored in the associated GEO location, even those who are not located in that country or GEO.
-
Ideally, the ship-to country and country of data residency are the same.
We do not currently support migrating between GEO locations. When you create an organization in a GEO, it stays in that GEO. |
To check the GEO location that a particular country maps to, download the CountryCodeGEOMapping.xlsx file, open the file in Microsoft Excel, and select the country from the drop-down menu.
Can my organization's users continue to collaborate with users in other regions?
Yes. Data residency strengthens the security and compliance features of Webex App without compromising the simplicity of the user experience. All users on our platform can communicate globally while retaining a single user identity.
How does data residency impact compliance and visibility across GEOs?
Compliance officers continue to have 100% visibility to user content regardless of where the data is stored (based on the Webex App ownership model). This means that compliance capabilities like eDiscovery and cloud access security broker (CASB) integrations will continue to allow you to monitor and take action on data loss prevention events, even if your users collaborate with those from other regions. The administrator controls that are already available allow you to disable external communication as needed.