A founder in Surry Hills asked me last month where her data goes when she pastes a client brief into ChatGPT. She had ticked the data-residency box at sign-up and assumed her files stayed in Australia.

They don't. Not the way she thought. The model inference still runs in the United States. Only the stored conversations sit at rest in a Sydney region. That distinction is buried in OpenAI's help docs, and it is the difference between a quiet APP 8 disclosure and a clean one (OpenAI Help Center).

This is the gap most Australian SMEs walk into. The marketing says "data residency in Australia". The reality is "some of your data, some of the time, in some places".

What "data residency" actually means

Vendors use the phrase loosely. There are three distinct things it could mean.

Data at rest is where your stored content sits when nobody is using it. The easiest commitment for a vendor to make.

Data in transit is the network path your data follows while being processed. Rarely advertised.

Data in use is where the model itself runs the inference on your prompt. For most US-headquartered AI tools, this is still the United States by default (OpenAI).

When a vendor says "available in Australia", ask which of the three they mean. Usually it is only the first.

What the law actually requires

The Privacy Act 1988 and the Australian Privacy Principles do not ban offshore data processing. They make you accountable for it.

APP 8 is the one that matters here. Before you send personal information overseas — and that includes pushing it through a US-hosted AI API — you have to take reasonable steps to make sure the overseas recipient handles it consistently with the APPs. If they mishandle it, you are on the hook, not them (OAIC APP 8 Guidelines).

There are two ways to satisfy this: either the overseas recipient is in a country with substantially similar privacy protection, or you get the individual's informed consent. The United States does not meet the test, so most Australian businesses fall back on consent — usually a line buried in a privacy policy nobody reads.

The OAIC is no longer letting that slide. In January 2026 it opened its first targeted compliance sweep of privacy policies, with penalties up to $66,000 for non-compliant entities (OAIC). The Commissioner has signalled a shift to an enforcement-led approach for 2026, with civil penalty proceedings continuing against Optus and Medibank (Clifford Chance). There is also a 10 December 2026 deadline for new automated decision-making transparency obligations — if AI substantially influences decisions about your customers, your privacy policy needs to say so.

How to read a vendor's privacy policy

Three things to look for. None require a lawyer.

Where the sub-processors are. Reputable vendors publish a list. If it includes US hyperscalers, US analytics vendors, or US model providers, your data is touching the US even if the storage region says Sydney.

What "Australia" actually covers. If the policy only commits to "data at rest" or "storage region", inference is happening somewhere else. Ask where.

Their stance on training. Good vendors say "we do not train on your business data". Bad ones bury it in a clause about "service improvement".

Three vendor categories to avoid

The wrapper with no infrastructure. A thin UI in front of OpenAI or Anthropic, sold with Australian branding and an ABN. The data path is unchanged.

The "compliant" vendor with no certifications. Compliance is not a self-declaration. Ask for IRAP letters, ISO 27001, or SOC 2 Type II reports. If they cannot produce them, the claim is marketing copy.

The Australian shop running on US infrastructure with no sovereign agreement. AWS Sydney and Azure Australia East are physically here, but the parent companies are subject to US extraterritorial law including the CLOUD Act. Workable for most SMEs, but not the same as sovereign hosting.

The real onshore options

Three workable patterns for most SMEs.

Hyperscaler regions with an enterprise agreement. AWS, Azure, and Google Cloud all operate Sydney and Melbourne regions with IRAP assessments at the Protected level (Cyber.gov.au). Sufficient for non-classified business data. Confirm your AI tool actually uses these regions for inference, not just storage.

Sovereign infrastructure. SCX.ai launched Australia's first sovereign AI inference node in Sydney in January 2026, hosted at Equinix SY5 on SambaNova ASIC architecture, with no offshore touchpoints (HPCwire). Early, but real.

Self-hosted open-weight models. Llama, Mistral, or Qwen running on your own infrastructure or a domestically hosted VM. Higher operational burden, full control over the data path.

The Australian Government released its National Expectations for data centres and AI infrastructure on 23 March 2026, putting national interest and data sovereignty at the front of the document (Department of Industry, Science and Resources). Sovereign capacity is being built.

The contract clauses to ask for

Four things in writing before you sign.

A specified region for both data at rest and data in use, named explicitly, with notification if it changes.

A no-training commitment in plain language, covering business and customer data.

A list of sub-processors with locations, updated when the list changes.

A right to request the most recent IRAP, ISO 27001, or SOC 2 Type II report.

If a vendor pushes back on any of these, that is your answer about how seriously they take Australian compliance.

Where we sit on this

The point of an AI tool is not to replace your team's judgement. It is to help them work faster on the things they already do well. We have written before about why we build AI that augments rather than replaces (Augment, Not Automate), and data residency is a direct extension of that view.

If a tool removes your team's control over where client data goes, it is not augmenting anyone. It is just creating new risk under a friendlier label. For most Australian SMEs, the right answer is knowing exactly which of the three "Australia" promises your vendor is actually making, and getting the rest in the contract.

FAQ

Is ChatGPT compliant with the Australian Privacy Act?

ChatGPT Enterprise and ChatGPT Edu can store data at rest in Australia, but inference still runs in the United States by default. That means personal information you submit is being disclosed overseas under APP 8, and you remain accountable for it. Compliance depends on what you submit, what consent you have, and what your own privacy policy discloses — not on a tick-box at sign-up.

What is the difference between data sovereignty and data residency?

Data residency means your data is stored or processed in a specific geographic location. Data sovereignty means it is also subject only to that country's laws, with no extraterritorial reach from a parent company's jurisdiction. AWS Sydney offers residency. SCX.ai's Sydney node offers sovereignty. They are not the same and the contract should make clear which one you are buying.

Do I need IRAP certification to use AI in my business?

No. IRAP is the framework the Australian Signals Directorate uses to assess cloud services for government and classified workloads. Most SMEs do not handle data at that classification level. IRAP-assessed vendors are still a useful signal of maturity, but the practical bar for most businesses is APP compliance under the Privacy Act, not IRAP.
