Deployment options & data control

Pick the model that fits your risk posture:

• Cloud (UAE by default): Fully managed by Canoma. Fastest start. Data at rest in‑region.
• Private VPC: Runs in your cloud account. You control perimeter/networking; we manage the app. BYOK supported.
• On‑prem: Self‑hosted. You control infra and physical security; we provide software and (optional) remote support.

In all models we process rule text + schema metadata + account data (no raw logs). Encryption in transit/at rest, SSO/RBAC, audit logs, and static validation apply. Region locking and egress policies are supported; cross‑border transfers (if any) follow our DPA and applicable transfer tools.