Deployment Options
Omniflow runs in four shapes. Pick based on your compliance posture, data residency requirements, and operations capacity.
The four options
| Option | Where it runs | Best for |
|---|---|---|
| Full SaaS (multi-tenant) | Omniflow’s managed cloud | Most customers — fastest to deploy, lowest operational overhead. |
| Private cloud (single-tenant) | Dedicated AWS / Azure / GCP project, region of your choice | Regulated industries, custom retention, custom DLP, mTLS. |
| Exoscale (Switzerland) | Exoscale’s Swiss datacenters | FINMA-regulated workloads, Swiss data residency. |
| On-premise | Customer’s own infrastructure | Air-gapped or sovereign-cloud requirements. |
Multi-tenant SaaS — isolation model
In SaaS, every customer is a workspace in a multi-tenant database. Isolation is enforced at the row level using PostgreSQL Row-Level Security (RLS):
- Every business table has a
tenant_idcolumn. - Every RLS policy gates reads and writes on
tenant_id = auth.tenant(). - Service-role connections (edge functions) explicitly scope queries by
tenant_id. - Cross-tenant access is blocked by default at the database level — bugs in application code can’t expose other customers’ data.
| Property | SaaS |
|---|---|
| Database | Shared PostgreSQL cluster, RLS-enforced row isolation. |
| Object storage | Per-tenant prefixed bucket paths; ACLs scoped per tenant. |
| Vector index | Per-agent index, scoped by tenant. |
| Voice runtime | Shared Railway runtime, JWT-scoped per tenant. |
| Background workers | Shared, with per-tenant rate limits. |
For customers with stricter isolation requirements, private cloud moves the database, storage, and runtime into a dedicated environment.
Private cloud — what’s dedicated
| Component | Dedicated |
|---|---|
| Database | Dedicated PostgreSQL instance in your region. |
| Object storage | Dedicated bucket. |
| Voice runtime | Dedicated Railway / Fly project. |
| Edge functions | Dedicated Supabase project. |
| CDN / ingress | Dedicated (regional). |
Source code is provided to customers in private cloud deployments under the customer-source license — read access for security review, no redistribution.
Exoscale (Switzerland)
For Swiss data residency and FINMA-regulated workloads:
- Deployed in Exoscale’s Geneva (DK-GVA-2) and Zurich (CH-ZH-1) datacenters.
- ISO 27001 / SOC 2 inherited from Exoscale infrastructure.
- Support staff with Swiss residency.
- All customer data — conversations, transcripts, embeddings, audio — stays in Switzerland.
- LLM providers configurable: managed routing to EU/Swiss inference endpoints, or BYO model running inside Exoscale.
On-premise
For air-gapped or sovereign-cloud deployments:
| Component | Reference spec (per 100 concurrent voice + 1k concurrent chat) |
|---|---|
| Application servers | 4× 16-core, 64 GB RAM. |
| Database | 1× primary, 1× replica; 16-core, 128 GB RAM, NVMe SSD. |
| Object storage | S3-compatible (MinIO / Ceph), 5 TB minimum. |
| GPU (if BYO inference) | 2× A100 80 GB or equivalent for self-hosted LLM. |
| Network | 10 Gbps internal; egress sized to expected channel volume. |
A reference Helm chart and Terraform module are provided. On-premise deployments include source code, an annual upgrade support contract, and a dedicated solutions architect.
On-premise customers run their own monitoring, backups, and patching. Omniflow provides recommended dashboards and runbooks.
Datacenter locations (managed deployments)
| Region | Datacenter |
|---|---|
| EU-Central | AWS Frankfurt |
| EU-Switzerland | Exoscale Geneva, Exoscale Zurich |
| US-East | AWS Virginia |
| US-West | AWS Oregon |
| APAC-South | AWS Singapore |
| APAC-Southeast | AWS Sydney |
Production monitoring
Omniflow runs:
- Metrics: Prometheus + Grafana for system metrics; Datadog for APM.
- Logs: Centralized logging with retention per the workspace policy.
- Tracing: OpenTelemetry across edge functions, voice runtime, and DB.
- Alerting: PagerDuty for engineering on-call; per-customer Slack/email digests for customer-facing incidents.
- Synthetic checks: Continuous synthetic conversations across all regions; alarms fire on degradation.
- Status page:
https://status.omniflow.examplemirrors real-time service health.
For private cloud and on-prem, the same dashboards and alert templates are provided as code (Terraform).
Roadmap (next 24 months)
The product roadmap is shared with active customers under NDA. High-level public posture:
- 0–6 months: Deeper self-service automation library, expanded agent reasoning models, Polish and Bahasa GA.
- 6–12 months: Multi-modal retrieval (image + diagram), expanded BYO-LLM support, enhanced Speech Analytics dashboards.
- 12–24 months: Advanced agent orchestration (multi-agent), cross-tenant federation for franchise/agency use cases, Voice Bot fine-tuning UI.
Customers on private-cloud and Exoscale tiers receive a quarterly roadmap briefing under NDA.
Open in Omniflow
Related
| If you want to… | Go to |
|---|---|
| Read security details | Security & Compliance |
| Configure data retention | Settings overview |
| Read the runtime architecture | Voice Runtime |