How it works

InCountry’s global infrastructure securely manages your regulated data.

Store regulated data with InCountry

Just like with PCI compliance, your application continues to work as it always has with its own data store. InCountry augments your existing data store by adding an additional data store for regulated data.

InCountry stores your records in two top-tier data centers for each country

InCountry uses a database principle called two phase commits to ensure that your data is kept in sync across two separate data centers for each country.

The InCountry SDK directs data to and from our in-country data stores

Your application uses the InCountry SDK to store and retrieve records in specific countries using their ISO 2 letter country code.

The InCountry SDK enables your application to communicate securely

Your application connects to InCountry using TLS 1.2 and a revocable API key.

The InCountry SDK uses two different types of world class encryption to store your data

The InCountry SDK encrypts each of a record’s searchable fields using a hash. The full record is encrypted using a symmetric key with AES-256. Your application fully controls the encryption keys and the InCountry SDK is compatible with key management systems.

The InCountry SDK retrieves records using the hashed keys

The InCountry SDK finds a record using the hashed version of the search fields and returns the full record for your application to decrypt.

The InCountry SDK uses encryption, not tokenization

Tokenization is useful for storing information like credit card numbers that have a fixed length, and in use cases where the token can fit in the space of the original data. With tokenization, the vendor has full visibility into your data. Encryption is useful for securely storing arbitrary amounts of information like health care data. With encryption, you can retain your encryption keys and the vendor does not have visibility into your data.

InCountry Border keeps data within a country’s borders with no coding changes

InCountry Border is a proxy layer running within InCountry points of presence. Your global web application can route web service calls between a user’s browser and the web application through the InCountry proxy. InCountry Border uses a domain overlay to authenticate users and automatically removes and encrypts specified fields with PII and then re-inserts the fields on subsequent web service calls.

InCountry single-tenant offers dedicated and isolated databases

Fully isolated databases with custom tables
  • Managed service provider offering
  • Fully isolated and dedicated API and database in each PoP
  • Field level encryption settings

InCountry REST API integrates directly with your application

REST API is an easy to setup solution that maps to existing REST microservices and is integrated directly with application servers. When reading or writing a payload of non-regulated data, the application will use existing function calls to exchange data with the non-regulated data store hosted in an offshore datacenter.

InCountry’s turnkey SaaS integrations stores, processes, and controls access within a country.

InCountry’s SaaS integrations support Salesforce, Mambu, Twilio, Segment, and more.