TLDR

If your product sends notifications to European users, you probably need EU data residency, not just GDPR compliance. Most notification platforms either don't offer regional data storage at all, lock it behind enterprise sales calls, or make you jump through hoops to get it. Courier runs a dedicated EU datacenter in AWS Ireland with full feature parity, same-workspace access, and a one-line SDK change to get started. And if you're serving a multilingual user base (which you almost certainly are if you need EU data residency), you'll also want to evaluate how each platform handles notification translations. Here's how the major platforms compare across both dimensions.

What is EU data residency, and why does it matter for notifications?

EU data residency means your data is physically stored and processed within the European Union. It's related to GDPR but not the same thing. GDPR regulates how you handle personal data of EU residents regardless of where it's stored. Data residency goes further: it guarantees the data itself lives in EU infrastructure.

For notification infrastructure specifically, this matters more than most teams realize. Notifications carry personal data by nature. Every message you send contains recipient identifiers, behavioral signals (what triggered the notification), delivery metadata (device tokens, email addresses, phone numbers), and often message content that includes names, account details, or transaction information. That's PII flowing through your notification pipeline on every single send.

If your notification provider stores that data in US-based infrastructure, you're creating a cross-border data transfer for every European user you message. That's not a hypothetical compliance risk. European Data Protection Authorities have been actively enforcing transfer restrictions since Schrems II, and fines have reached into the hundreds of millions of euros.

Beyond regulatory pressure, many enterprise customers and B2B buyers now require EU data residency as a procurement condition. If your notification infrastructure can't confirm where data is stored, that becomes a blocker in security reviews and vendor assessments.

Which notification platforms support EU data residency?

Not all notification platforms treat data residency the same way. Some offer dedicated regional infrastructure with developer-friendly configuration. Others check the GDPR compliance box without giving you control over where data actually lives. Here's where things stand across the major platforms as of early 2026.

Courier

Courier operates a dedicated EU datacenter in AWS EU-West-1 (Ireland). The EU Datacenter is available for Enterprise customers (request a demo to learn more). The implementation is straightforward: you use the same workspace and the same API keys, and switch to api.eu.courier.com as your base URL. There's full feature parity between the US and EU regions, including Journeys, Design Studio, in-app notifications, and all channel integrations. Courier also provides dedicated EU endpoints for GDPR data deletion and subject access requests. For existing customers, the migration path involves contacting support to replicate data to the EU region, with no workspace changes required. The SDK change is a single line:

Novu

This solution offers EU data residency through their cloud platform, hosted in AWS Frankfurt (eu-central-1). They also list additional regions on their pricing page, including Singapore, UK, Australia, Japan, and South Korea. Novu's approach separates data strictly between regions, meaning you can't copy or move data between US and EU data warehouses. They're SOC 2 Type II, ISO 27001, and HIPAA compliant. Novu also offers self-hosted and hybrid-cloud deployment options, which give teams full control over where data lives at the infrastructure level. The tradeoff is that self-hosting means you own the operational burden.

OneSignal

This solution moved its data centers to the EU in early 2025, migrating from bare metal infrastructure to EU-hosted cloud. This was a blanket migration rather than a configurable region selector. Their data centers are now in the EU, which benefits all customers from a residency perspective. However, it's not a dual-region model. You don't choose between US and EU endpoints. OneSignal provides GDPR tooling like consent gating, IP address masking, and data deletion APIs, but the data residency approach is less granular than what Courier or Novu offer.

SuprSend

This is GDPR compliant and SOC 2 Type II certified. Their security documentation references "EU-data residency options," and they offer flexible deployment models including Bring Your Own Cloud (BYOC) and self-hosted infrastructure. However, like Courier, custom data center region selection is only available on their Enterprise tier. Their Data Processing Addendum also notes that data may be processed globally across the US, EU, and other jurisdictions. Unlike Courier or Novu, SuprSend doesn't publish a specific EU datacenter region or a public EU API endpoint in their documentation. For teams that need a clearly documented, self-serve EU endpoint, this is a limitation worth noting.

Knock

This solution is GDPR compliant and holds SOC 2 Type II certification. They support data deletion via API and provide audit logs. However, Knock does not currently offer a dedicated EU datacenter or any form of regional data residency. Their security documentation covers encryption at rest and TLS 1.2, but makes no mention of regional infrastructure options. For teams with a hard EU data residency requirement, this is a gap worth noting during evaluation.

How Courier handles EU data residency

Courier's approach to EU data residency is built around a principle that matters to engineering teams: minimal configuration change, zero compromise on functionality.

EU Datacenter

The EU datacenter runs in AWS EU-West-1 (Ireland). All notification data for EU-configured workspaces, including recipient profiles, message content, delivery logs, and engagement tracking, is stored and processed in this region. There's no data replication to US infrastructure.

What makes Courier's implementation distinct is the same-workspace model. You don't create a separate EU account. You don't manage two sets of API keys. Your existing workspace, with all its workflows, templates, integrations, and team members, works identically through the EU endpoint. The only change is the base URL.

For teams already running on Courier's US infrastructure, the migration works like this: you contact Courier support, they replicate your existing configuration and data to the EU region, and you update your SDK configuration to point to the EU endpoint. No new workspace, no new API keys, no workflow rebuilds.

GDPR Compliance

On the GDPR tooling side, the EU endpoint supports dedicated deletion and data access requests:

These aren't generic GDPR features bolted on top. They're region-aware endpoints that operate against the EU data store specifically, so deletion requests don't need to propagate across regions. For full implementation details, see the EU Datacenter documentation.

Why translations matter for EU notification infrastructure

If you need EU data residency, you almost certainly need multilingual notifications too. The overlap between "our users are in Europe" and "our users speak multiple languages" is nearly a circle. A product sending notifications in the EU is likely serving users across German, French, Spanish, Dutch, Italian, Portuguese, and many other locales. Data residency gets your infrastructure compliant, but translations are what make the notifications actually useful to the people receiving them.

This is where the platforms diverge more than you'd expect.

Localization

Courier supports localization through multiple approaches depending on your team's needs. The Localization API (available on Business and Enterprise plans) lets you manage translations per block and per channel via JSON endpoints, with support for draft/published workflows and TMS integrations. There's also a separate Translations API that uses .po (GNU gettext) files you upload per locale via the CLI (courier translations:upload es-ES ./translations/es-ES.po) and reference in templates using the t handlebar helper. You can also manage translations through Courier's MCP server. Courier stores locale preferences on user profiles or accepts them in the send request, so the correct translation is applied automatically at send time. For teams using external translation management systems, Courier supports webhook-driven workflows where a notification submission triggers an outbound webhook to your TMS. Courier also integrates with Crowdin for managed translation sync. The internationalization tutorial walks through all the options in detail. This gives maximum flexibility, especially for teams with existing translation infrastructure, but the tradeoff is that Courier doesn't provide an in-dashboard translation editor like some competitors.

SuprSend has one of the more polished built-in translation experiences. Their system uses JSON locale files that you upload via dashboard, CLI, or API. You maintain a single template and multiple translation files, and SuprSend handles locale resolution automatically at send time with fallback logic. They support namespace-based organization (grouping translations by feature or module), git-like versioning for every translation commit, and the ability to roll back to previous versions. For teams that want translation management tightly integrated into the notification platform itself, SuprSend's approach is worth evaluating.

Novu offers i18n helpers in their workflow editor with translation groups and locale-based message delivery. You set the subscriber's locale, and Novu delivers the appropriate translation with fallback to the organization's default locale. Their approach is dashboard-friendly and doesn't require external tooling, though the translation management itself is less granular than SuprSend's namespace and versioning system.

Knock supports translation management and provides automated translation file generation that can plug into CI/CD pipelines. Their approach leans more heavily on external libraries (i18next, FormatJS) and is documented primarily as a guide for using JavaScript i18n tools alongside Knock's platform, rather than a fully integrated translation layer.

OneSignal supports localization through its message composer and API, but its translation capabilities are more basic. You can create localized versions of messages, but there's no structured translation management system comparable to SuprSend's or Courier's API-driven approach.

The takeaway for teams evaluating EU notification infrastructure: data residency and translations are two sides of the same coin. A platform that handles one well but not the other will create gaps in your European deployment. Evaluate both together.

What to look for in a GDPR-compliant notification provider

When evaluating notification infrastructure for EU compliance, there are several things worth checking beyond the "we're GDPR compliant" badge that every SaaS product displays on their security page.

First, ask where data is actually stored. GDPR compliance and EU data residency are different things. A platform can be GDPR compliant by using Standard Contractual Clauses for cross-border transfers while still storing everything in US-East-1. That satisfies the legal framework but doesn't meet data residency requirements that many enterprises and regulated industries now demand.

Second, check whether the EU offering has full feature parity. Some platforms restrict features in non-primary regions. If your EU-hosted workspace can't access the same APIs, dashboard features, or channel integrations as the US version, you're accepting a degraded experience for compliance reasons. That's a red flag.

Third, look at the migration path. If you're already running in production on US infrastructure, how painful is it to move to EU? Do you need a new account? New API keys? Do you lose your workflow history and templates? The best implementations let you switch regions without re-architecting your integration.

Fourth, evaluate the GDPR-specific tooling. You need programmatic endpoints for data deletion (right to erasure), data export (right of access), and ideally audit logs that document when these actions were taken. If the only way to handle a deletion request is to email support, that doesn't scale.

Fifth, check whether the platform supports multilingual notifications natively. If you're deploying in Europe, you need translations. A platform that forces you to build a separate translation layer outside the notification system adds complexity and potential points of failure. Look for locale-aware delivery, fallback logic, and translation management that fits your team's workflow.

Sixth, consider the compliance certifications alongside data residency. SOC 2 Type II, ISO 27001, and HIPAA compliance indicate mature security practices. Data residency without these underlying controls is just geography without governance.

Finally, check your notification provider's subprocessor list and data processing agreements. Your provider might store notification data in the EU, but if they use subprocessors that transfer data outside the EU for analytics, logging, or delivery, you've got a compliance gap. The DPA should specify where subprocessors operate and what data they access.

Common mistakes teams make with notification data residency

Even teams that take data residency seriously often miss a few things when it comes to notification infrastructure specifically.

The most common mistake is assuming your email or SMS provider covers you. If you use SendGrid for email delivery and Twilio for SMS, those providers have their own data residency posture. But the notification orchestration layer sitting on top of them, the system that stores recipient profiles, manages preferences, logs delivery events, and routes messages across channels, is a separate data residency concern. Your orchestration layer might be storing PII in a different region than your downstream delivery providers.

Another frequent miss is forgetting that in-app notification data is PII. Teams that are careful about email and SMS compliance sometimes overlook the notification feed, inbox, or toast component in their app. That data includes user identifiers, message content, read/unread state, and engagement signals. It needs the same data residency treatment as any other notification channel.

A third mistake is treating translations as a separate problem from data residency. If you set up EU data residency but your translation files are stored in a US-hosted CMS, or your translation API calls route through US infrastructure, you've introduced a data flow that undermines the residency posture. Keep your translations co-located with your notification infrastructure, or at minimum verify that your translation pipeline doesn't create cross-border data transfers.

Log retention is another blind spot. Notification platforms store delivery logs, error logs, and analytics data that often contains recipient identifiers and message metadata. Ask where logs are stored, how long they're retained, and whether log storage follows the same regional constraints as primary data. A platform might store your notification data in the EU but ship logs to a US-based observability tool.

Finally, teams sometimes confuse GDPR compliance with data residency and stop at "our vendor signed a DPA." A Data Processing Agreement is a legal mechanism. It doesn't change where your data physically sits. If your procurement or security team requires EU data residency, a DPA alone doesn't satisfy that requirement. You need infrastructure-level guarantees about data location.

If you're interested in EU data residency with Courier, please contact our team directly here.

FAQ

Does Courier support EU data residency? Yes. Courier operates a dedicated EU datacenter in AWS EU-West-1 (Ireland) with full API feature parity. You access it using the same workspace and API keys by pointing your SDK to api.eu.courier.com. All notification data, including profiles, messages, logs, and engagement data, is stored and processed in the EU region.

Is Courier GDPR compliant? Yes. Courier provides built-in GDPR tooling including programmatic data deletion endpoints, subject access request support, and audit capabilities. The EU datacenter ensures data residency compliance in addition to GDPR's processing and consent requirements.

Which notification APIs offer EU data residency? As of 2026, Courier and Novu both offer dedicated EU data residency with configurable regional endpoints. OneSignal migrated its infrastructure to the EU in 2025. SuprSend offers EU data residency options on their Enterprise tier, along with BYOC and self-hosted deployment. Knock is GDPR compliant but does not currently offer a dedicated EU datacenter or regional data storage option.

Does Courier support multilingual notifications? Yes. Courier supports localization through its Localization API (per-block/per-channel JSON translations), a separate Translations API (.po file uploads with the t helper), MCP-based translation management, and profile-level locale attributes for automatic language detection at send time. Courier also integrates with Crowdin for managed translation workflows. See the internationalization tutorial for a full walkthrough.

Do I need EU data residency for push notifications? If your push notifications contain or are associated with personal data of EU residents (which they almost always are, since they're tied to device tokens and user identifiers), then EU data residency requirements apply to the orchestration and storage layer. The push delivery itself goes through Apple (APNs) or Google (FCM), but the notification platform storing recipient data and delivery logs should meet your data residency requirements.

What's the difference between GDPR compliance and EU data residency? GDPR compliance means you follow the regulation's rules for processing personal data of EU residents, including consent, data minimization, and transfer mechanisms like Standard Contractual Clauses. EU data residency means the data itself is physically stored in EU infrastructure. You can be GDPR compliant without EU data residency (by using legal transfer mechanisms), but many enterprises and regulated industries now require both.

Can I migrate my existing Courier workspace to the EU? Yes. Existing Courier customers can contact support to begin migrating data to the EU region. Courier's team replicates your configuration and data to EU-West-1. The migration requires updating your SDK's base URL to the EU endpoint but doesn't require new API keys, a new workspace, or workflow rebuilds.

Which notification platforms have the best translation support? SuprSend and Courier both offer robust translation management. SuprSend provides a tightly integrated system with JSON locale files, versioning, and namespace support. Courier offers an API-driven localization workflow with per-block translations, webhook-based translation pipelines, and Crowdin integration. Novu has i18n helpers in their workflow editor. Knock supports translations through integration with external i18n libraries and CI/CD-based translation file generation.