Where Ochre stores your data
Hosting region, database, encryption at rest and in transit, attachments, and what is and is not available for region selection today.
Ochre is straightforward about its infrastructure. No mystery cloud diagrams, no "global edge" hand-waving for the durable data path.
The short version
- Database: Postgres, hosted by Supabase.
- Region: AWS us-east-2 (Ohio, USA).
- Application servers: Vercel, in front of the same database.
- Encryption at rest: AES-256, handled by Supabase and AWS at the volume layer.
- Encryption in transit: TLS 1.3 on every public endpoint.
That is the whole picture for the durable storage path.
What lives in Postgres
Almost everything. Conversations, messages, customers, custom fields, integration metadata, routing rules, AI drafts, billing references. If you can see it in Ochre's UI, it is reading from Postgres.
A few things are encrypted on top of the at-rest encryption Supabase already provides:
- BYOK keys (Anthropic, OpenAI). Encrypted with a dedicated OCHRE_BYOK_ENC_KEY server-side, separate from the Postgres service role. Customers rotate by re-pasting in settings.
- OAuth tokens for inbound integrations (HubSpot, Linear, GitHub, Slack, Notion, GitBook), encrypted with the same key.
- Webhook signing secrets for outbound integrations.
This means a database snapshot, taken on its own, does not leak any of those secrets.
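A sketch of that layering, added here as an illustration and not Ochre's own code: the cipher (AES-256-GCM), the stored envelope format, and every function name are assumptions; only the OCHRE_BYOK_ENC_KEY variable name comes from this page. It shows why a row lifted from a snapshot is unusable without the key held by the application servers, and why binding the ciphertext to its workspace stops it being copied into another row.

```javascript
// Added example: application-layer encryption of a stored secret (not Ochre's code).
// Assumptions: AES-256-GCM, the "v1.iv.tag.ct" envelope, and all function names.
const crypto = require('node:crypto');

// Load the 32-byte key from the environment (base64), never from the database.
function loadKey(env = process.env) {
  const key = Buffer.from(env.OCHRE_BYOK_ENC_KEY || '', 'base64');
  if (key.length !== 32) throw new Error('OCHRE_BYOK_ENC_KEY must decode to 32 bytes');
  return key;
}

// Bind the ciphertext to its row so it cannot be moved to another workspace or column.
function aadFor(workspaceId, field) {
  return Buffer.from(`${workspaceId}:${field}`, 'utf8');
}

function encryptSecret(key, workspaceId, field, plaintext) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(aadFor(workspaceId, field));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const parts = [iv, cipher.getAuthTag(), ct].map((b) => b.toString('base64'));
  return ['v1', ...parts].join('.'); // base64 never contains '.', so the split is safe
}

function decryptSecret(key, workspaceId, field, stored) {
  const [version, iv, tag, ct] = stored.split('.');
  if (version !== 'v1' || !iv || !tag || !ct) throw new Error('unrecognized envelope');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(iv, 'base64'));
  decipher.setAAD(aadFor(workspaceId, field));
  decipher.setAuthTag(Buffer.from(tag, 'base64'));
  // final() throws if the key, the AAD, or the ciphertext does not match the tag.
  const pt = Buffer.concat([decipher.update(Buffer.from(ct, 'base64')), decipher.final()]);
  return pt.toString('utf8');
}

// Constructed sample data: a throwaway key and a fake provider key.
const demoKey = loadKey({ OCHRE_BYOK_ENC_KEY: crypto.randomBytes(32).toString('base64') });
const row = { workspace_id: 'ws_demo', byok_anthropic: null };
row.byok_anthropic = encryptSecret(demoKey, row.workspace_id, 'byok_anthropic', 'sk-constructed-example');
```
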
Attachments and large files
Email attachments, chat uploads, and help-center cover images live in Supabase Storage, which is backed by S3 in the same region. Access is gated through signed URLs that expire. Direct public access is off by default.
What lives outside Postgres
A short list, because we want it to stay short.
- Email send and receive: Resend, with webhooks signed by Svix.
- AI inference: Anthropic and OpenAI, called with customer-supplied BYOK keys. We send conversation context and retrieved KB chunks, never the full database.
- Billing: Stripe. We store Stripe customer and subscription IDs, not card numbers.
- Error and performance telemetry: standard observability vendors. PII is filtered at the SDK layer.
The full vendor list is in our security-questionnaire.
Backups
Supabase performs automated daily backups with point-in-time recovery on the database. Backups inherit the at-rest encryption of the underlying volumes. We do not currently expose self-service backup downloads. If you need a workspace export, see GDPR and your data rights — exports are a concierge process via hello@ochrehq.com.
What about EU or other regions?
Today, the answer is: not available. Every Ochre workspace runs in us-east-2. EU residency is on the roadmap, not shipped. If your contract or your customers require EU residency, please tell us before signing up. We track these requests and we will be honest about timing.
Data your team enters
When you paste an API key, a customer's address, or a support ticket into Ochre, it is stored in the same Postgres instance described above and inherits the same controls. Be careful when pasting third-party secrets into conversations: AI features may include conversation context when generating drafts.
How long we keep things
While your workspace is active, we keep everything. When you delete the workspace, there is a 30-day grace period and then a hard delete. See GDPR and your data rights.
Network access
The application uses TLS 1.3 with modern ciphers. The Postgres database is not directly exposed to the internet for application reads. Application servers connect through Supabase's pooler. Direct database access for engineering is gated behind short-lived credentials and is logged.