Deployment Models
Air-gapped. On-premises. Swiss-hosted. Your choice, your custody.
Where the system runs decides who could ever touch your archive. We build all four custody models; the architecture review determines which one fits your risk posture.
The four models
1 — Air-gapped
No internet path at all. Models, software, and updates arrive on verified offline media through a defined procedure. Highest custody, highest operational discipline — suited to the most sensitive family, legal, medical, and board archives.
Trade-off: updates and support are slower by design; every change follows the offline procedure.
2 — On-premises, private network
The system runs in your building, reachable only from your internal network. Maintenance happens in windows you approve; remote support, if permitted at all, follows an explicit, logged access path.
Trade-off: your building provides power, cooling, and physical security — we specify what is needed.
3 — Swiss-hosted dedicated
Your own single-tenant hardware in a certified Swiss data centre — when you cannot or do not want to host it yourself. Data residency is contractual; hardware is yours; nothing is shared.
Trade-off: physical custody sits with the facility; stronger than any shared platform, weaker than your own building.
4 — Hybrid, policy-gated
Local systems by default; clearly approved external models only for tasks classified as non-sensitive — enforced by a routing policy, with logs that show which request went where and why.
Trade-off: requires an explicit data-classification policy; we help you write it before anything is routed.
Custody properties compared
| Property | Air-gapped | On-premises | Swiss-hosted | Hybrid |
|---|---|---|---|---|
| Documents leave your custody | never | never | to your own hardware in a Swiss facility | never for sensitive classes |
| Internet exposure | none | none by default | controlled, single-tenant | policy-gated per data class |
| External model use | none | none | none | approved tasks only, logged |
| Update path | offline media | approved windows | approved windows | approved windows |
| Physical security | your building | your building | certified facility | per component |
| Typical fit | estate, board, medical archives | family offices, law firms | institutions without server rooms | teams with mixed workloads |
All four models include the same governance layer: access control, audit logs, source-grounded retrieval, and evaluation before reliance.