InCountry Docs FAQ

This section collects answers to the most frequently asked questions about the InCountry Platform. Here you can find more details and recommendations about InCountry products and the capabilities they provide.

How do I set up an account in InCountry Platform?

  1. Open InCountry Platform.
  2. Sign up for a new account.
  3. Fill out the required information.
  4. Click Submit.
  5. Confirm your account.
  6. Log in to your account on InCountry Portal.

How difficult is it to integrate with InCountry products?

Our company offers different kinds of products which can be integrated into your existing software solutions for data residency services. They mainly differ in integration efforts from your side, as follows:

  1. InCountry Border requires minimal integration efforts from your side. You just need to proxy your requests from the application frontend to InCountry Border and that’s all. It requires additional configuration and deployment by the InCountry team. It provides the server-side encryption and provides the capabilities available in InCountry Border, but does not require changes in the code base of your application.

  2. InCountry REST API requires more integration efforts from your side as you need to modify your application codebase, but as an advantage, you get the server-side encryption. You do not need to worry about where to keep the encryption key, how to use it, and so on. Our team will elaborate on all this. You just need to receive a certificate and use it while performing data requests from the application frontend. It requires additional configuration and deployment by the InCountry team.

  3. InCountry SDK requires additional integration efforts from your side, as you need to fully integrate it into your application code base and keep the encryption keys. It provides maximum freedom in the implementation of data residency solutions for your business cases. You need to choose InCountry SDK in the following situations:

    1. You need full control over the key.
    2. You need to use some other encryption method.
    3. You do not want InCountry to deal anyhow with your encryption key.
    4. You want to customize InCountry SDK for your production needs.

  4. InCountry Integrations provide the native integration with SaaS solutions in the service-specific format (a specific token format, data request structure, and so on).

What should I use to store data in-country in a monolithic web app?

If you have a monolithic web app that manages regulated data, you can take advantage of the HTML Proxy component. It can handle the regulated data within the HTML output from the monolithic web app.

Please contact InCountry for a free consultation and details on this.

To use InCountry SDK, you need to connect SDK as a library into your application project. It will provide client-side data encryption for regulated data.

If you do not want to do this, you can perform HTTP requests and use the server-side encryption within InCountry REST API. It allows you to perform the same operations as InCountry SDK provides, but do this on the server-side of your application without full integration into its codebase.

InCountry REST API also provides the native integration with third-party SaaS solutions, like Salesforce and ServiceNow. It allows you to perform requests to InCountry REST API from your web-browser. You need to place all the request authorization details within the token.

For data localization in SaaS solutions, use InCountry REST API, as you will not be able to integrate InCountry SDK into it.

How do I process data in-country?

InCountry Serverless provides a capability to perform additional data manipulations on regulated data besides its storing in InCountry Platform. It lets you execute serverless functions in the origin country without transferring data for validation or aggregation to the country where the application server resides.

How do I retrieve data in-country into the application frontend?

The way to fetch this regulated data for showing in the application frontend mainly depends on the way you write data to InCountry Platform. We strongly recommend you to use the same InCountry product for writing and reading data in-country. Integration of different InCountry products will require additional time and effort from youк side, so in most cases, they will be extensive. If you are not sure about the InCountry product to choose for a specific task of yours, please contact InCountry to get a free consultation.

How do I aggregate data across countries?

InCountry Platform provides the three data regulation models which you can use for handling regulated data. For the specifics of each data regulation model, please see the Data regulation models section.

Depending on the used data regulation model, you can either aggregate data across multiple countries or you will not be able to do this because of local country regulations. Before proceeding to implementation of a solution for handling regulated data from multiple countries, please request a consultation from the InCountry team

With InCountry SDK you can perform data read requests into multiple countries and further aggregate the received data the way you want. This can be done only for the replication and restriction of data models. In the case of the redaction model, InCountry SDK can pull data only if your backend runs in the origin country, otherwise, you will violate the compliance requirements.

You can also use InCountry REST API for this with the same specifics of data regulation models. InCountry Border will not handle this scenario. Here you should consider that both InCountry products can output up to 100 records at once.

What other integration options does InCountry Platform offer?

InCountry Platform also provides additional solutions for application and system integrations, as follows:

  • Mail Proxy
  • Report Proxy
  • SFTP Proxy
  • Payment Gateway

Mail Proxy

This solution allows you to unredact regulated data in emails by sending them to the InCountry SMTP Proxy server. It parses data, unredacts it, and sends further to the required addressees. You can use the Mail Proxy to send notifications about events and actions within your application, for example, event notifications in Salesforce.

Report Proxy

This solution allows you to unredact regulated data when generating reports in some SaaS solution. It fetches redacted data from InCountry and replaces tokenized data with actual values in different types of reports or reporting files of yours. It has limited capabilities and depends on the reporting mechanism, which is used by a particular SaaS solution.

SFTP Proxy

This solution allows you to unredact data transferred through the SFTP protocol and redacts/unredacts data in the source files before passing it further into the workflow.

Payment Gateway

This solution allows you to handle the payment data (cardholder and card details) and pass it to the payment provider (for example, Stride) while saving this data to InCountry Platform. It redacts the card information on the fly and allows you to process payments through your server and being PCI-DSS compliant at the same time.

You can use it for one-time and recurrent payments, as well as for making subscriptions.

This component provides the payment web form which collects the payment details, writes this data to InCountry Platform, and further provides this payment data to a specific payment provider for performing a transaction.

This product allows you to develop a single payment gateway application that will be compatible with multiple payment providers in different countries without a necessity to be PCI-DSS compliant for keeping the cardholder information.

How do I handle production data with InCountry?

When you need to move the production data to InCountry Platform, you can the bulk data import operations in InCountry REST API or in InCountry SDK. They allow you to write data batches into InCountry Platform.

To map the records' regulated data stored in InCountry Platform to the record data in your application database, use the current record identifier in your application database as a profile key in InCountry Platform.

How do I add data residency to my Salesforce?

You can use the InCountry for Salesforce solution which supports the three data regulation models for handling regulated data in Salesforce and redacting this data if viewing it outside the origin country.

For the details on this solution, please see the InCountry for Salesforce - Implementation Guide.

How do I add PCI-DSS compliance with data residency into my application?

You can use the Payment Gateway solution which can be integrated into your web application or web-based mobile application for iOS or Android.

It provides the web application form for entering the payment details. This form integrates with InCountry Platform, so your application does not directly process the payment information itself, while InCountry Platform handles this and routes this information to the service provider depending on the country to which credit or debit card attributes to.

How to connect the Payment Gateway module into your application, please see this documentation.

What specifics of InCountry Platform do I need to consider?

Before you choose a particular InCountry product for implementation of data localization requirements, please consider the following:

  1. Your business cases for data localization
  2. Data regulation model (redaction / restriction / replication)
  3. Countries in which your business operations and your plans for its expansion
  4. Data communication and transfer in your system
  5. Control over encryption methods
  6. Control over keys and certificates

Having identified all these points, please check the possible solutions, as follows:

How do I implement the replication model with InCountry Platform?

Let’s say we want to implement the replication model for our regulated data. Our infrastructure includes a basic setup comprised of a client and a server.

InCountry Platform provides the four options which you can try to implement this scenario, as follows:

Option A

  1. Your application frontend sends a data request with a JWT token to InCountry REST API and saves regulated data in InCountry Platform.
  2. Then it sends a data request with the regulated data to the application backend.

Option B

  1. Your application frontend sends a data request to your application backend.
  2. Firstly, your application backend sends the regulated data to InCountry REST API, which saves this data to InCountry Platform.
  3. Then your application replicates this regulated data to your production database.

Option C

  1. You set up InCountry Border in the replication mode between your application frontend and backend.
  2. The application frontend sends data requests with regulated data to InCountry Border, which saves this data to InCountry Platform.
  3. InCountry Border further routes the initial data requests with tokenized regulated data to the application backend which saves it wherever required.

Option D

  1. You integrate InCountry SDK into your application.
  2. Your application sends regulated data to its backend.
  3. InCountry SDK captures this regulated data and saves it to InCountry Platform first.
  4. Your application backend further saves the replica of this regulated data to the application database.

How do I implement the restriction model with InCountry Platform?

TBD!!!

How do I implement the redaction model with InCountry Platform?

Let’s say we want to implement the redaction model for our regulated data. Our infrastructure includes the application backend which resides in some country outside of the origin country and the application frontend which is also available in the origin country.

InCountry Platform provides the two options which you can try to implement this scenario, as follows:

Option 1

  1. The application frontend sends a data request containing regulated data of the record with a JWT token to InCountry REST API which saves this regulated data to InCountry Platform.
  2. The application frontend sends a data request with the rest of the record’s data to the application backend.

Option 2

  1. You set up InCountry InCountry Border in the redaction mode between the application frontend and backend.
  2. The application frontends sends a data request to InCountry Border, which saves regulated data to InCountry Platform.
  3. InCountry Border further routes the data request with tokenized regulated data to the application backend.

Other specifics

You cannot use InCountry REST API (with backend) and InCountry SDK, as unredacted data should not reach your application backend which InCountry SDK integrates with.

Additionally, you can use InCountry Serverless when you need to perform additional data processing in the country where you want to store this regulated data. For example, some complex validation like checking the uniqueness of the entered email address in your application database. You can create a serverless function that runs a query against this email to InCountry Platform in the origin country and validates the uniqueness of the provided email address. If invalidated, the email address will be rejected by your application.

How do I implement a mixed-model scenario with InCountry Platform?

Let’s imagine a situation when you have an international online store. Its database is hosted in the United States of America. The primary customers come from the following countries:

  • Germany (restriction model)
  • Saudi Arabia (redaction model)
  • China (redaction model)
  • Russia (replication model)

The store backend and database reside in the United States, while the store frontend is available in each. You can handle this scenario with InCountry Platform, as follows:

  1. Your store frontend should receive some additional logic that will differentiate regulated data received from different countries.
  2. Once this is done, in each country you need to have InCountry Point-of-Presence and either InCountry REST API or InCountry Border. Each InCountry REST API or InCountry Border will operate in the necessary mode depending on the compliance requirements of the country.
  3. The store frontend will perform data requests to InCountry REST API or InCountry Border and save regulated data to InCountry Platform in the origin country according to the chosen data regulation model.

Limits and quotas

The section below outlines all the existing limits and quotas of the InCountry Platform which you should consider before integrating with it.

Subscription plan limits

The free plan allows you to create and store up to 100 records in the InCountry Platform.

Connection and request limits

The following connection limits are applied to components of InCountry Platform:

ApplicationConnection limit per one IP addressRequest rate limit for one connectionBurst for excessive requests
InCountry PoPAPI2510 per second5, delay
InCountry Portal25400 per minute10, no delay
InCountry REST API2510 per second5, delay
InCountry Border2510 per second5, delay

File upload limits

  • Maximal file size upload: 10 megabytes per file.
  • Parallel file upload limits: 5 files.

Record body limits

The default record body limit is 4096 bytes.

The record body limit for serverless functions is 15000 bytes.

Record limits

  • The returned record batch limit is 100 records per request.
  • Searchable keys per record: up to 10.
  • The limit for batch record write operations: 100 records per operation.