Get help on Discord

Beginner questions about data storage and deployment in Sanity

4 replies
Last updated: Apr 24, 2021
Hello everyone. My name is User and I am from Costa Rica. I’ve been reading about Sanity for a while, but until recently I’ve been working on it. I really liked it, so much that I decided to create a personal website using React + Sanity, it’s been wonderful so far!
However I have had some doubts that even in the documentation or video tutorials I have not found the answers (or I know if I have not searched correctly
😅).
1) DATA: Where is the data stored? I mean, every time I make a scheme and fill it with data, where is it stored? Apart from me, who else can access the data? Is the data secure? Since I never interact with them directly (only with the Studio), are they in some kind of database or how?
🤔
2) DEPLOY: Similar to the previous case. When I run the 
sanity deploy
command, where is my Studio being deployed, how secure is it? My React and Sanity connection, is simple and effective, but is it really secure? Will no one be able to steal my data or try to corrupt it? What is the difference of deploying my Studio on Netlify or Heroku or AWS? ☁️
I know it’s a lot of questions and especially of the beginner type (to be honest), but I’d really like to understand in depth how Sanity works. I don’t know if this is the best place to ask, but I had to give it a try!

User
AI Update

Great questions, User! Welcome to the Sanity community from Costa Rica! 🇨🇷 These are actually really important things to understand, so let me break down both topics for you.

1) DATA: Where and How Your Content is Stored

Your data lives in what Sanity calls the Content Lake - essentially Sanity's managed database infrastructure. Here's what you need to know:

Physical Location: All Sanity services and customer data are hosted on Google Cloud Platform (GCP) infrastructure. The specific storage location can vary depending on your project - data may be stored in the EU/EEA, the US, or in regions where Sanity has an operational footprint. Many customers have their primary data storage in GCP's data centers in Belgium (europe-west1 region), but this isn't universal for all projects. So yes, there's a real database behind the scenes - you're not directly managing it, but it's there running on Google's enterprise infrastructure using Google Compute Engine, Google Container Engine, and Google Cloud Storage.

Who Can Access Your Data: By default, your datasets can be configured as either:

  • Private: Only authenticated requests with valid API tokens can access the data
  • Public: Anyone can read the data (but not write to it)

You control this through your project settings in manage.sanity.io. Even with a public dataset, writes always require authentication. You also control CORS (Cross-Origin Resource Sharing) settings to determine which domains can access your content from browsers.

Security: Sanity takes security seriously with enterprise-grade protections:

  • SOC 2 Type II certified
  • GDPR compliant
  • All data stored on Google Cloud Platform infrastructure with enterprise-grade security
  • Encrypted connections (HTTPS)
  • Role-based access control for team members
  • API tokens for programmatic access

Your React app connects to Sanity using API tokens (for writes) or public access (for reads if you've enabled it). The connection itself is secure over HTTPS.

2) DEPLOY: Where Your Studio Lives

When you run sanity deploy, your Studio is deployed to Sanity's hosting infrastructure at <your-project-name>.sanity.studio. This is also hosted on Google Cloud Platform's global infrastructure with automatic SSL certificates and integration with other Sanity platform features.

Security of the Deployed Studio:

  • The Studio itself is just a React application - it's the interface, not your data
  • Authentication happens through Sanity's login system
  • Only authorized users (those you've added to your project) can log in and make changes
  • All API communication between Studio and your Content Lake uses secure, authenticated connections

Your React App Connection: When your React app fetches data from Sanity, it's connecting directly to Sanity's Content Lake via their APIs (either the HTTP API or the CDN). This is secure because:

  • Public reads are intentional (you control this setting via dataset visibility)
  • Write operations require valid API tokens
  • You can implement additional security layers in your React app as needed

Deploying Studio Elsewhere (Netlify/Heroku/AWS): You absolutely can deploy your Studio to other platforms! The difference is:

  • sanity deploy → Hosted by Sanity, automatic HTTPS, simple subdomain, zero configuration, and automatically deploys your schema for platform features like AI Agent Actions
  • Self-hosting (Netlify/Vercel/AWS) → You manage the hosting, deployment pipeline, domain configuration, and CORS settings
  • Either way, the Studio is just connecting to the same Content Lake - the data storage location doesn't change

The data always lives in Sanity's Content Lake regardless of where your Studio is hosted. The Studio is just an interface to that data.

Content Delivery: Sanity also operates a global API CDN for delivering your content to end-users with low latency. Your React app can query content through this CDN, which caches responses globally for better performance across multiple regions including Europe, North America, South America, Asia, and Australia.

Bottom Line

Think of it this way:

  • Content Lake = Your secure database (hosted on GCP infrastructure)
  • Studio = Your content editing interface (can be hosted by Sanity or elsewhere)
  • Your React App = Your public-facing website (hosted wherever you want)

All three communicate securely via Sanity's APIs. You control who can read/write through dataset visibility settings, CORS rules, and API tokens. Everything runs on enterprise-grade infrastructure with proper security certifications (SOC 2 Type II, GDPR compliance).

The beauty of Sanity's architecture is that you get all this infrastructure, security, and global distribution without having to manage servers yourself. Your data is stored in professional data centers with all the compliance and security measures you'd expect from enterprise cloud infrastructure.

Hope this clears things up! Feel free to ask if you want to dive deeper into any specific aspect. 🚀

Hi! As far as I know, all data are stored in Google Cloud: https://cloud.google.com/customers/sanity You can trust Google Gloud:
https://cloud.google.com/customers
When you init a new Sanity project, you need to choose if you want to make your dataset public or private.

Public datasets can be accessed by any client (but not modified).
But I guess that Sanity's team can provide with you with a more detailed answer 😉
What is the difference of deploying my Studio on Netlify or Heroku or AWS?
No difference regarding to security. I just find it more convenient to deploy to Sanity. And like you said, the data are always stored at Sanity, no matter where the Studio is hosted.
Hi
user E
, thank very much for the reply.
I’m going to check those links.

I agree. It’ is easier. Great!
😁

Sanity – Build the way you think, not the way your CMS thinks

Sanity is the developer-first content operating system that gives you complete control. Schema-as-code, GROQ queries, and real-time APIs mean no more workarounds or waiting for deployments. Free to start, scale as you grow.

Get started for freeExplore the demo

Was this answer helpful?