StackAI is the enterprise AI platform designed to meet the diverse security and infrastructure requirements of modern organizations. Recognizing that no two organizations have identical regulatory environments or risk tolerances, StackAI offers four distinct deployment models, from a fully managed Multi-Tenant Cloud to a completely isolated On-Premise installation.
This document outlines each deployment option, its architecture, security posture, operational considerations, and the types of organizations it is best suited for.
Multi-Tenant Cloud
The Multi-Tenant Cloud model is StackAI's standard offering and the fastest way for organizations to get started. In this configuration, multiple organizations share the same cloud infrastructure. Each organization's data is logically separated within the shared environment using tenant-level isolation at the database layer. This model is appropriate for the vast majority of organizations and is suitable for teams that want immediate access to StackAI with no infrastructure overhead.
Dedicated Cloud
For organizations that require dedicated infrastructure but do not want to manage it themselves, StackAI offers a fully managed Dedicated Cloud deployment. StackAI provisions and operates a dedicated VPC exclusively for one customer. No other organization shares this infrastructure.
This deployment is common for regulated industries such as financial services, healthcare, and government-adjacent contractors that require data isolation but lack the internal resources for self-managed infrastructure.
Private Cloud (BYOC)
For organizations that require full control over their cloud infrastructure, StackAI deploys within a customer-owned VPC — the Private Cloud, or Bring Your Own Cloud (BYOC), model. StackAI manages the software remotely via a scoped cross-account IAM role; the customer manages infrastructure, networking, and IAM. User accounts from StackAI will be enabled for deployment, then can be disabled until needed. Because your data never leaves your cloud, you have the highest level of data sovereignty without the constraints of an air-gapped environment. Organizations requiring no vendor access can choose the non-IAM mode, where StackAI only provides advisory support.
On-Premise
For organizations that require full operational control, StackAI deploys entirely within the customer's environment — physical data center or isolated cloud account. The customer owns and operates everything: infrastructure, control plane, and data plane. StackAI provides documentation, signed release bundles, and advisory support.
This deployment is reserved for organizations with the most stringent security requirements, such as defense contractors and banks. It comes with significant operational complexity and requires close collaboration between StackAI and the customer's on-site IT staff.
Deployment Model Comparison
The table below summarizes the key characteristics of each deployment option to aid in decision-making.
Multi-Tenant | Dedicated | Private Cloud | On-Premise | |
|---|---|---|---|---|
Setup Time | Immediate | 1-2 Weeks | 2-4 Weeks | 4+ Weeks |
Hosted By | StackAI (Shared) | StackAI (isolated) | Your cloud account | Your data center |
Operated By | StackAI | StackAI | StackAI (app) and you (infra) | You (StackAI advises) |
Updates | Automatic, continuous | Scheduled, StackAI applies | Remotely managed by StackAI | You apply from Helm releases |
Hosting Domain | stackai.com (StackAI-Owned) | {org}.stackai.com (StackAI-Owned) | stackai.{org}.com (Customer-Owned) | stackai.{org}.com (Customer-Owned) |
Compliance Posture | SOC 2 Type II, ISO 27001, GDPR | SOC 2 Type II, ISO 27001, GDPR, HIPAA | SOC 2 Type II, ISO 27001, GDPR, HIPAA + your cloud controls | SOC 2 Type II, ISO 27001, GDPR + your environment controls |
Data Residency | StackAI cloud regions | Configurable dedicated region | Your cloud region | Your physical location |
Across all deployment models, however, StackAI is built on a security-first foundation. The following protections apply regardless of deployment type:
All data in transit is encrypted using TLS 1.2 or higher
All data at rest is encrypted using AES-256 or equivalent
StackAI's multi-tenant platform is SOC 2 Type II certified
Data Processing Agreements (DPAs) are available for all deployment models
Logical and physical tenant isolation is enforced at every layer
StackAI's flexible deployment architecture ensures that organizations of any size and security profile can leverage enterprise AI without compromising on control.
Choosing the Right Deployment Model
The appropriate deployment model depends on a combination of regulatory requirements, internal IT capacity, risk tolerance, and time-to-value expectations. Most organizations are well-served by Multi-Tenant Cloud. It provides enterprise-grade security, rapid deployment, and zero infrastructure overhead — the right choice for teams that want to move quickly and trust StackAI's security posture.
Organizations in regulated industries typically benefit from Dedicated Cloud. This model provides data isolation and regional control required for compliance without placing infrastructure management burdens on the customer.
Private Cloud (BYOC) and On-Premise are best reserved for organizations with specific data sovereignty requirements, mature internal IT teams, and a tolerance for longer deployment timelines and higher operational complexity. While these models offer the greatest level of control, they come with meaningful trade-offs in update frequency, support responsiveness, and deployment speed.
Want to discuss which deployment model is best for you? Book a call with our AI experts here.
Fonsi Hernández
Engineering at StackAI
