UK Data Residency
Your client conversations never leave the United Kingdom
Last updated: April 2026
When a financial adviser records a client meeting through TakeNote, every element of that interaction — the audio recording, the transcription, the compliance summary, and all associated metadata — is processed and stored exclusively within the United Kingdom. This is not a configuration option. It is not a premium add-on. It is how TakeNote is built. We believe that when clients share their financial circumstances, health information, family details, and retirement plans in a recorded meeting, that data should remain under UK jurisdiction and UK data protection law at every stage of its lifecycle. No exceptions.
Where your data lives
TakeNote's entire infrastructure is hosted on Microsoft Azure in the UK South region.
Audio Processing
Meeting recordings are ingested and processed within Azure UK South. Raw audio never leaves the UK at any point during transcription or analysis.
Transcription
Speech-to-text processing is performed within the UK region. Transcribed text is stored encrypted at rest within UK-based Azure storage.
AI Summarisation
The generation of FCA-structured suitability summaries, risk profile documentation, and compliance analysis takes place entirely within UK-based compute infrastructure.
Data Storage
All stored data, including meeting recordings, transcriptions, summaries, metadata, audit logs, and user account information, resides in Azure UK South.
Backups
Automated backups are maintained within UK-based Azure infrastructure. Backup data is not replicated to any region outside the United Kingdom.
At no point in the processing pipeline does client data transit through, or become temporarily stored in, infrastructure located outside the UK.
Why data residency matters for regulated firms
For most businesses, data residency is a preference. For FCA-regulated financial advisory firms, it is a governance obligation.
Regulatory Expectations
The FCA expects regulated firms to maintain appropriate oversight over their data processing arrangements, including a clear understanding of where client data is stored and processed. Under Consumer Duty, firms must demonstrate that they are acting in the best interests of their clients — and that extends to the protection of their personal data.
UK GDPR Compliance
While the UK GDPR permits international data transfers under certain safeguards, maintaining UK-only processing eliminates the need for Transfer Impact Assessments, International Data Transfer Agreements, or reliance on adequacy decisions that may change over time. UK residency is the simplest, most robust approach to data protection compliance.
Client Confidence
Advisory clients are increasingly aware of how their data is handled. Being able to tell a client that their recorded conversations are processed and stored entirely within the UK is a straightforward, credible assurance that strengthens the trust relationship.
Audit Simplicity
When your data resides in a single, clearly defined UK jurisdiction, demonstrating compliance to the FCA, the ICO, or any other supervisory authority becomes significantly simpler. There are no cross-border data flow diagrams to explain, no third-country sub-processors to justify, and no transfer mechanisms to maintain.
How this compares to generic AI meeting tools
Most AI meeting and transcription tools are built by US-based companies and process data through US or globally distributed infrastructure. For an FCA-regulated firm recording conversations that contain sensitive client financial data, this introduces complexity that can be avoided entirely.
Common issues with non-UK processing include:
Uncertain Data Flows
Audio may be processed in one region, stored in another, and backed up in a third. Understanding exactly where client data resides at any given moment can be difficult to establish and harder to evidence to a regulator.
Transfer Mechanism Dependency
International transfers rely on adequacy decisions, standard contractual clauses, or other safeguards that can change. The UK's adequacy decisions with respect to certain jurisdictions are not permanent and may be reviewed. UK-only processing removes this dependency entirely.
Sub-processor Chains
Generic tools may use multiple sub-processors across different jurisdictions for different parts of the processing pipeline. Each additional sub-processor in a different country adds a layer of governance complexity and potential risk.
Model Training Concerns
Some AI providers process user data through globally distributed infrastructure for the purpose of model training and improvement. TakeNote does not use client data for model training under any circumstances, and all processing remains within the UK regardless of purpose.
Infrastructure details
| Component | Detail |
| --- | --- |
| Cloud Provider | Microsoft Azure |
| Primary Region | UK South |
| Encryption at Rest | AES-256 via Azure Key Vault |
| Encryption in Transit | TLS 1.3 |
| Key Management | Azure Key Vault with automatic annual rotation |
| Network Security | Virtual Private Network with no public internet exposure for data storage layers |
| DDoS Protection | Azure DDoS Protection |
| Backup Location | UK-based Azure infrastructure |
| Data Replication | Within UK regions only |
Frequently asked questions
All client data is stored in Microsoft Azure's UK South data centre. This includes recordings, transcriptions, summaries, metadata, and backups.
Questions about data residency?
If you have specific questions about our data residency arrangements, need documentation for your firm's due diligence process, or would like to discuss our infrastructure in more detail, we're happy to help.
