This is extremely important for my company, as in our field of work, we face very serious regulations that enforce us to keep our users’ data within the country. It is prohibited to use any kind of cloud hosting abroad for our services.
We use SSO for Discourse login, and Discourse’s business plan for hosting. What concerns me is when I can go to a user’s profile page, switch to admin view and scroll to the bottom; I can view the exact sensitive user data that we are not allowed to send abroad. I’m not that knowledgable on this aspect, so I don’t understand if this information taken abroad at any point in time, during or after the SSO occurs. I’d appreciate any help