Data Transfers & Routing

Overview

App Config.json is engineered for strict data sovereignty and predictable transit behavior. All configuration payloads, sync signals, and audit telemetry follow a zero-trust transit model. Data never leaves your designated geographic boundary unless explicitly configured for cross-region replication.

Transport: HTTP/2 + TLS 1.3 (mandatory) with WebSocket fallback for long-poll environments
Encryption: End-to-end payload encryption using customer-managed keys (CMK) or platform-managed AES-256-GCM
Routing: Any-Cast edge routing with strict regional failover policies
Retention: Transit logs are ephemeral; configuration states are persisted per-region

Transfer Architecture

The platform uses a bidirectional sync model optimized for low-latency configuration propagation. The SDK maintains a persistent session with the nearest edge node, exchanging delta-encoded JSON payloads.

Sync Flow

// Example: SDK handshake & delta fetch
{
  "session_id": "sess_8f3a2b9c",
  "region": "us-east-1",
  "protocol": "ws-tls13",
  "delta_cursor": "cursor_v3_99201",
  "payload_hash": "sha256:a1b2c3...",
  "retry_policy": {
    "backoff": "exponential",
    "max_retries": 3
  }
}
            

When an admin pushes a configuration update, the control plane broadcasts a signed delta to all connected SDK sessions in the target environment. Idempotent merging ensures no duplicate or conflicting states reach the client.

Security & Compliance

All data transfers are governed by strict compliance frameworks. We undergo annual third-party audits and maintain continuous monitoring.

🛡️

GDPR Compliant

EEA data residency & lawful transfer mechanisms

🔐

SOC 2 Type II

Audit-ready security controls & monitoring

🌍

CCPA Ready

Data subject access & deletion APIs built-in

📜

ISO 27001

Certified information security management

Transit encryption cannot be disabled. All edge nodes support mutual TLS (mTLS) for service-to-service authentication. Customer-managed encryption keys (KMS/HSM) are supported for payload-level encryption before transmission.

Regional Endpoints & Routing

Configuration data is routed through the nearest available edge cluster. You can pin your tenant to a specific region or enable active-active multi-region replication.

Region	Endpoint	Data Residency	Failover
US East	us-east.sync.appconfig.json	Virginia, USA	US West
EU West	eu-west.sync.appconfig.json	Frankfurt, DE	EU Central
APAC South	ap-south.sync.appconfig.json	Singapore	APAC East
GovCloud	us-gov.sync.appconfig.json	US Government Regions	None (Air-gapped)

Note: Cross-region replication is opt-in and requires explicit data transfer consent via the control plane API. All inter-region traffic is encrypted and logged for audit purposes.

Frequently Asked Questions

Can I prevent configuration data from leaving my chosen region?

Yes. By default, all data stays within your selected geographic boundary. Cross-region replication is disabled unless explicitly enabled via the admin console or API with explicit consent flags.

How are failed transfers handled?

The SDK uses exponential backoff with jitter and stores uncommitted deltas in encrypted local storage until reconnection. Once the link is restored, idempotent merge logic ensures consistency without duplicates.

Do you store transit logs?

Transit metadata (timestamps, region, payload size) is retained for 30 days for security monitoring. Actual configuration payloads are never logged in transit. Full audit trails are available in the compliance dashboard.

Is mTLS required for all integrations?

Standard TLS 1.3 is enforced by default. mTLS is recommended for service-to-service integrations and required for GovCloud and HIPAA-eligible tenants. Certificate rotation is automated.