Deployment options
Run Stategraph wherever your compliance posture requires.
Stategraph Cloud (single-tenant SaaS)
Dedicated infrastructure with your own isolated Postgres. We run it.
BYOC
We operate Stategraph inside your cloud account. You own the data; we run the software.
Self-Hosted / Air-Gapped
Run Stategraph entirely inside your perimeter. Regulated, sovereign, or fully air-gapped.
Security and compliance
Every control your security team will ask about, ready by default.
Single sign-on
SAML 2.0 and OIDC against any identity provider — Okta, Google Workspace, Azure AD.
Role-based access
Per-team and per-environment roles. Admin, developer, and read-only by default.
Audit and transaction history
tx_b421 · iam_role · created
Every state change is a transaction with attribution and a full diff. Every access is logged.
Encryption at rest and in transit
Postgres encryption at rest, TLS in transit. Bring-your-own-key available on request.
Private networking
VPC peering and private endpoints on BYOC. No public ingress required.
Data residency
Pin data to specific regions, or run entirely inside your perimeter.
What Enterprise includes
Everything in the platform, plus the operating support a serious customer needs.
Who Enterprise is for
Teams whose deployment, audit, or compliance posture rules out a standard SaaS contract.
Platform engineering teams
Internal platform every product team ships on. Multi-team isolation, audit per team, parallel ship across the whole org.
Read the platform engineering story →Regulated industries
Every change attributed. Every access logged. Your data stays in your account, not a vendor's.
Talk to our team →Sovereign and air-gapped
A perimeter that doesn't reach the public internet. Stategraph ships self-contained, no phone-home.
Talk to our team →Ready to talk?
Demos and security reviews are run by engineers, not sales. Bring your checklist — we'll work through it together.