Private Execution Fabric
Deploy MazeLabs within customer-controlled environments. From managed SaaS to private VPC to fully local execution — your data never leaves your boundary.
Deployment Models
Cloud SaaS
AvailableFully managed MazeLabs deployment. Customer data is encrypted at rest and in transit. Strict tenant isolation with no cross-tenant data access.
- SOC 2 compliance path
- Tenant-isolated storage
- 99.9% uptime SLA
- Automatic updates
Private VPC
AvailableMazeLabs deployed within the customer's AWS, GCP, or Azure VPC. No data leaves the customer's network boundary. Customer manages encryption keys.
- Customer-managed KMS
- VPC-native deployment
- Private endpoints only
- Customer-controlled networking
Local Execution
AvailableRun MazeLabs entirely on-premises. Docker-based deployment with local model execution. Zero external network calls for simulation and scoring.
- Docker / K8s deployment
- Local model execution
- Zero external calls
- Full data sovereignty
Air-Gapped
PlannedFully disconnected deployment for regulated environments. Complete offline operation with manual update packages and local model inference.
- No internet required
- Manual update packages
- Offline model inference
- ITAR / FedRAMP path
Deployment Comparison
| Capability | Cloud SaaS | Private VPC | Local | Air-Gapped |
|---|---|---|---|---|
| Data leaves customer network | Yes (encrypted) | No | No | No |
| Customer-managed encryption | Optional | Yes | Yes | Yes |
| External AI model calls | Configurable | Configurable | Local only | None |
| Automatic updates | Yes | Yes | Manual | Manual |
| Audit logging | ✓ | ✓ | ✓ | ✓ |
| Redaction engine | ✓ | ✓ | ✓ | ✓ |
| Offline operation | No | No | Yes | Yes |
| Compliance path | SOC 2 | SOC 2, HIPAA | SOC 2, HIPAA | ITAR, FedRAMP |
Privacy Controls
Customer-Owned Data
All operational evidence, simulation state, and scoring data is owned and controlled exclusively by the customer.
Encryption at Rest & Transit
AES-256 encryption for stored data. TLS 1.3 for all data in transit. Customer-managed encryption keys in VPC and local deployments.
Audit Trails
Every data access, model invocation, simulation event, and administrative action is logged with immutable audit trails.
Model Routing Boundaries
Customers define which AI models can be used, which data can be sent to external APIs, and which operations must remain local.
Redaction-First Pipeline
All evidence passes through the Redaction Engine before any AI reasoning. Secrets, PII, and internal infrastructure details are masked by default.