When your data cannot leave a perimeter, the platform comes to it

Why it matters

Most workflow tools offer a single deployment model: their cloud, their boundaries, their operations. For most customers this is fine, and it is genuinely the simpler choice when it fits. But some customers require on-premise workflow software or sovereign cloud control. 

Insurance and member data. Health insurance plans managing PHI must deploy under HIPAA-compliant configurations with Business Associate Agreements covering every system that touches member data, often with deployment requirements that go beyond default SaaS. Medicare and Medicaid carriers face additional CMS oversight on marketing materials, member communications, and claims documentation, where audit trails and retention controls are scrutinized directly. Life insurance and annuities carriers operate under state insurance commissioner oversight with NAIC model regulations, which impose state-by-state filing, retention, and residency requirements that vary across jurisdictions. For all of these segments, deployment posture is a regulatory question, not a procurement preference.

Healthcare providers and PHI. Healthcare systems managing clinical documentation under HIPAA face the same considerations as health plans, often layered with state-level requirements and institutional governance that constrain cloud use further. Many health systems prefer to keep PHI inside their own boundary, either in their own cloud subscription or on-premise, rather than relying on a vendor's cloud configuration.

Pharma and life sciences. FDA inspection scope can extend to the systems that generate regulated documentation. Some pharma customers require deployment models where the regulatory data, the audit trail, and the AI provenance all live inside infrastructure they directly control, simplifying inspection readiness and reducing vendor scope in audits.

Financial services beyond insurance. Various financial services regulations include data residency, access logging, and operational control requirements that drive customers toward self-hosted or on-premise deployment, particularly for materials related to regulated client communications, trading documentation, or audit-relevant records.

Defense, intelligence, and government. Sovereign cloud requirements (Azure Government, AWS GovCloud, equivalent) and air-gap requirements for classified or highly sensitive material rule out standard SaaS deployment entirely. Customers in these categories need on-premise deployment or self-hosted inside sovereign cloud boundaries.

Vendor concentration risk. Even where regulation does not require it, some customers deliberately avoid vendor-operated SaaS for their most sensitive data. They prefer to operate the infrastructure themselves, on their terms, on their compliance frameworks.

For all of these customers, "send your content to a third-party cloud" is not an acceptable answer. Sovereign Deployment Options exists for them.

The three deployment models

Aproove-hosted on Microsoft Azure. The default deployment for most customers. Aproove provisions, operates, and maintains a dedicated cluster for your organization on Microsoft Azure. The cluster is yours; you do not share infrastructure with other customers. Configuration includes HIPAA-aligned controls, encryption at rest, tenant isolation, TLS 1.2+ in transit, multi-region backup vaults, and ongoing SOC and HIPAA compliance evidence collection. RPO and RTO are 24 hours per customer agreements, validated through quarterly Business Continuity Tests. Your team uses the platform; Aproove operates the infrastructure. Suitable for most enterprise and regulated customers, including many health insurance and Medicare deployments under appropriate Business Associate Agreements.

Self-hosted in your cloud. For organizations that require operational control over the infrastructure, Aproove can be deployed inside your own cloud environment (typically Azure, with documented patterns; other clouds supported by customer operations). Your IT team provisions and operates the infrastructure. The platform runs on your network. Data residency, network isolation, access controls, backup policy, and compliance frameworks are governed by your team. Cluster architecture is supported and documented for horizontal scaling. Aproove provides the software and configuration support; your team provides the operations. Suitable for customers who need their data and operations inside their own cloud boundary, including insurance carriers with strict cloud governance and healthcare systems with institutional cloud restrictions.

On-premise in your data center. For environments where cloud is not an option, Aproove can be deployed in your on-premise data center. The platform runs on your physical infrastructure, inside your network perimeter, with no external cloud dependency. On-premise deployments include the same software, same features, and same security architecture, and require an additional security license for the encrypted runtime configuration. Suitable for sovereign-cloud customers, defense and intelligence customers, air-gapped environments, and any organization whose data sovereignty requirements rule out external infrastructure entirely.

What this means for your data

The deployment choice is fundamentally a choice about where your data lives.

In the Aproove-hosted Azure model, your content lives on a dedicated Aproove-operated Azure cluster, in the Azure region you select, with backups in additional Azure regions. Aproove operates the infrastructure under documented controls, with evidence collection feeding ISO 27001, HIPAA, and SOC 2 compliance frameworks.

In the self-hosted model, your content lives on infrastructure your team provisions, in the cloud or region of your choice, under your operational controls. Aproove software runs on it; your team is the operator. Your compliance framework applies.

In the on-premise model, your content lives entirely inside your physical perimeter. No external cloud. No vendor operations. Your team controls everything from the hardware up. Air-gapped configurations are possible.

Across all three models, the audit trail, the e-signature support, the ISO 27001-aligned ISMS, and the documented compliance posture stay consistent. What changes is who has physical and operational access to the data.

What stays constant across deployments

The deployment choice does not change what the platform does. Across all three models:

• The same workflow engine, decision-based routing, parallel approval flows, and conflict management.
• The same atomic file breakdown, streaming architecture, and Review Interface.
• The same layered access control with content and action permissions.
• The same audit trail, e-signature support, and FDA 21 CFR Part 11 compliance posture.
• The same integration framework (RPC API, Concoord, webhooks, hot folders, SAML SSO).
• The same AI Agent framework, with the same governance, attribution, and audit capture.

Customers in regulated environments do not get a stripped-down version. The full platform runs in every deployment model.

A note on AI inference path

For customers whose data sovereignty extends to AI inference, Aproove's AI Agent framework supports multiple inference paths. Frontier LLM providers (OpenAI, Anthropic) for customers whose data permits external AI calls, in-tenant models (such as Azure OpenAI Service running in your Azure subscription) for customers who need inference inside their cloud boundary, and self-hosted or on-premise models for customers who need inference fully inside their own infrastructure. The platform runs the same Agent framework against any of these inference paths, with the same audit capture and governance. See the Open LLM Philosophy card for detail on the AI provider choice.

Benefits

• Three deployment models, one platform. The same software and capability run in Aproove-hosted Azure, customer self-hosted, and on-premise workflow configurations.
• Data sovereignty preserved. Customers whose data cannot leave a perimeter (HIPAA, CMS, state insurance regulations, FDA, financial regulatory, defense, sovereign cloud) can deploy inside that perimeter.
• No feature gaps in regulated deployments. Self-hosted and on-premise customers run the full platform, not a reduced edition.
• Compliance posture maintained across models. ISO 27001-aligned ISMS, FDA 21 CFR Part 11 e-signature, HIPAA-aligned configuration, and audit trail integrity hold in every deployment.
• Air-gap-ready. On-premise platform supports fully air-gapped deployment with no external dependency, including for AI when paired with self-hosted inference.
• Sovereign-cloud-ready. Self-hosted in Azure Government, AWS GovCloud, or equivalent sovereign environments is supported.
• AI inference path matches data sovereignty. AI Agent inference can run on frontier APIs, in-tenant models, or self-hosted inference, allowing the AI deployment to match the platform deployment.

Vendor risk under your control. Self-hosted and on-premise deployments place infrastructure operations in your hands rather than the vendor's.

Who it's for

• Health insurance plans managing PHI, member communications, and claims documentation under HIPAA, where Business Associate Agreements and deployment posture extend to every system touching member data.
• Medicare and Medicaid plans running marketing materials review under CMS regulations (Medicare Communications and Marketing Guidelines, ACA marketplace requirements), where every piece of member-facing communication is reviewed against jurisdiction-specific criteria, often through twenty or more rounds of revision per piece.
• Life insurance and annuities carriers managing illustrations, disclosures, agent communications, and suitability documentation under state insurance commissioner oversight and NAIC model regulations. Filings, illustrations, and customer-facing materials must be reviewed and archived under strict residency, audit, and retention controls that vary state by state.
• Property and casualty insurance carriers managing policy documentation, regulated marketing materials, and claim files where audit defensibility and data residency requirements apply.
• Healthcare systems and providers managing PHI and clinical documentation under HIPAA, often with deployment requirements that extend beyond standard SaaS into self-hosted or on-premise configurations.
• Pharma and life sciences organizations managing regulated documentation under FDA inspection scope.
• Financial services firms beyond insurance subject to regulatory data residency, access logging, and operational control requirements (banking, asset management, broker-dealer operations).
• Government, defense, and intelligence customers requiring on-premise or sovereign-cloud deployment.
• Customers in jurisdictions with strict data residency laws (EU, certain APAC, sector-specific frameworks elsewhere).
• Enterprises with vendor concentration concerns preferring operational control over the infrastructure layer.

Air-gapped environments where third-party SaaS is categorically not an option.

Under the hood

Sovereign Deployment Options is enabled by Aproove's deployment-agnostic software architecture. The platform stack (Aproove Backend Processing nodes for ingestion and tiling, Aproove Frontend User nodes for the Review Interface and API, Project Storage, Database) deploys identically on Aproove-hosted Microsoft Azure infrastructure, customer-self-hosted cloud (typically Azure with documented patterns; other clouds supported by customer operations), and on-premise data center installations. On-premise deployments require an additional security license for the encrypted runtime configuration. Cluster architecture is supported and documented (TN 38: Configure Aproove WM to run on several servers), enabling horizontal scaling regardless of deployment model. Backup and disaster recovery patterns are documented per deployment model: Aproove-hosted Azure uses multi-region Recovery Services Vaults with quarterly Business Continuity Tests; self-hosted and on-premise deployments use customer-defined backup policies aligned with the customer's compliance framework. Compliance evidence collection (SOC 2, HIPAA via Scrut Automation on Azure) applies to Aproove-hosted Azure deployments; self-hosted and on-premise deployments inherit the customer's compliance framework, with Aproove providing software-level evidence and ISMS documentation as needed. AI Agent inference is abstracted through a provider configuration layer, supporting OpenAI and Anthropic frontier APIs out of the box, in-tenant model deployments (such as Azure OpenAI Service), and customer-hosted model endpoints, allowing AI deployment to be configured independently of platform deployment.