Skip to content

Security & data residency

Org-admin

These policies are set by organization admins and apply to everyone in the organization.

The EU-only models (data residency) toggle in organization settings
Data residency policy

EU-only models (data residency)

The EU-only models toggle restricts every member of your organization to EU-processed (or self-hosted) models — in chat, the workflow assistant, agents, and workflows.

  • It is on by default (secure by default).
  • While on, non-EU models are hidden from the picker and blocked for agents and workflows.
  • An admin can turn it off if the organization deliberately wants to use non-EU-processed models.

The full behaviour is described in EU sovereignty & residency.

Login MFA (email one-time code)

Require a 6-digit email code after the password on every password login. It is on by default. Members who sign in with a passkey or social provider already have strong authentication and aren't additionally prompted — see MFA & passkeys.

Why these are org-wide

Both are organization policies rather than personal preferences, so a single admin decision applies consistently to the whole team — the essence of niil's "secure by default" posture.