Upstash

DatabaseMedium RiskVerified 2026-03-05

Overview

Headquarters🇺🇸 USSan Jose

US IncorporatedYes

CLOUD Act ExposureYes

Regions (4 in 3 countries)

🇺🇸 US

US East Virginia · Virginia

US West California · California

🇮🇪 IE

EU Ireland · Dublin

🇯🇵 JP

AP Tokyo · Tokyo

Compliance & Data

✓ SOC 2✗ ISO 27001✗ GDPR✗ HIPAA✗ PCI DSS

Application Data

Applicable Laws (5)

Applies to businesses meeting revenue or data volume thresholds that handle California residents' data.

Max fine: USD 7,500 per intentional violationvia 🇺🇸 US

CLOUD ActUnited States

Any US-incorporated provider or subsidiary may be compelled to disclose data regardless of where it is stored.

Max fine: Contempt of court penaltiesvia 🇺🇸 US

Cross-border transfers require consent or equivalent protection standards recognized by Japan's PPC.

Max fine: JPY 100M for corporate violationsvia 🇯🇵 JP

Cross-border transfers to non-adequate countries require SCCs, BCRs, or other safeguards.

Max fine: 4% of global annual turnover or EUR 20Mvia 🇮🇪 IE

US providers may be subject to surveillance orders targeting non-US persons, creating risk for EU data subjects.

Max fine: Contempt of court penaltiesvia 🇺🇸 US