Platform

Deployments: run AI-built apps anywhere serious software runs

The same governed pipeline ships your application to Ciao cloud, your own cloud account, a private VPC or your own data center.

Ciao Deployments is the platform's publishing layer: deploy to Ciao cloud, your own AWS, Azure or GCP account, a private VPC, or on-prem under separate terms, with region pinning for data-residency requirements. Unlike builders tied to a single host, Ciao separates where an application is built from where it runs — the delivery loop of gates, checks and audit stays the same on every target.

Best forEnterprise cloud boundariesData-residency requirementsFast starts on Ciao cloud

Published 2026-07-03 · Last updated 2026-07-03

Where software runs is a decision, not a default

For a hobby project, hosting is an afterthought. For a bank's internal tool, a healthcare operations portal or an agency's client product, where the application runs is procurement, compliance and risk all at once. Data-residency rules name regions. Security teams name network boundaries. Some buyers simply require: our cloud, our account, our building.

Ciao treats the deployment target as a choice you make per project, not a property of the platform. Deploy to Ciao cloud, to your own AWS, Azure or GCP account, into a private VPC, or on-prem under separate terms — and the delivery loop that builds, tests, governs and monitors the application is the same on every target.

How deployment works

The workflow is the same on every target; only the destination changes.

  1. 1. Pick the target

    Ciao cloud is the fastest path and fits most projects. Your own cloud account fits applications that must live inside the corporate boundary. Private VPC and on-prem cover the strictest cases.

  2. 2. Connect the environment

    For customer-owned targets, connect the account or environment and the application deploys inside your perimeter — with the same gates and records as anywhere else.

  3. 3. Pin the region

    Region pinning keeps a workload where residency obligations say it must stay, with multi-region support underneath for everything else.

  4. 4. Publish through the gates

    QA smoke gates and the safe-to-publish security dashboard apply on every target. Where the app runs never changes what it takes to release it.

  5. 5. Operate wherever it landed

    Production checks run after publish; Doctor diagnoses read-only; SysOps handles triage, drift and rollback — the operational loop travels with the application.

  6. 6. Change your mind later

    Because Ciao generates standard React, TypeScript and Supabase and you own the code, target choice is per project, not forever. Start on Ciao cloud and move inside your own boundary as requirements harden.

Why it matters

Deployment flexibility is usually where AI app platforms and enterprise buyers part ways: the tool assumes its own cloud, the buyer requires theirs, and the evaluation ends there. Separating where an app is built from where it runs removes that wall — builders keep the same experience, while infrastructure and compliance teams get their boundary.

Underneath, the infrastructure is designed to scale: Kubernetes, isolated pods, hibernation and wake, and multi-region support.

Region pinning deserves its own note. Data-residency obligations are usually inherited — from a regulator, a client contract, a works council — and they arrive as a hard constraint, not a preference. Pinning the workload to a named region turns that clause from an architecture project into a project setting, and the audit trail can show that it has held.

Who deploys where

Different buyers draw the boundary in different places.

  • Startups and agencies — Ciao cloud — The fastest path to production, with no infrastructure to own and region pinning available when a client's data must stay put.
  • Enterprises — your own AWS, Azure or GCP — Applications inside the corporate boundary and the existing billing relationship, without giving up the delivery loop.
  • Regulated teams — private VPC — Network isolation for workloads that cannot share a perimeter, with the managed loop intact.
  • Strict environments — on-prem — Your building, your hardware, under separate terms — for the buyers whose requirements end that way.

Security and governance notes

  • ✓ Region pinning supports data-residency requirements; multi-region support underneath.
  • ✓ QA gates and the safe-to-publish dashboard apply on every deployment target.
  • ✓ Doctor stays read-only and SysOps actions stay recorded, wherever the app runs.
  • ✓ The append-only audit trail spans deploys across all targets.
  • ✓ SOC 2 Type II reports are available under NDA; inference runs under zero-retention model contracts.
  • ✓ Credentials for customer-owned targets stay scoped to deployment operations, not general access.
  • ✓ 100% code ownership on every target — export to your own repo at any time.

Deployment targets at a glance

Start from the constraint you cannot move and work backwards.

TargetBest forWorth knowing
Ciao cloudThe fastest start; most projectsManaged end to end; region pinning available
Your AWS, Azure or GCP accountEnterprise boundary and billingRuns in your account; delivery loop unchanged
Private VPCNetwork-isolation requirementsThe managed loop inside your virtual network
On-premThe strictest environmentsAvailable under separate terms — talk to sales

Frequently asked questions

Can we start on Ciao cloud and move to our own account later?

Yes. The application is standard React, TypeScript and Supabase that you own, and the target is a per-project choice. A common path is to prototype on Ciao cloud and move inside the corporate boundary as the project becomes production-critical.

What does region pinning actually pin?

The application workload stays in the region you designate, which is what data-residency obligations typically require. Multi-region support underneath covers the projects that do not carry that constraint.

Who operates the app when it runs in our cloud?

The same platform loop: publishes through gates, production checks after release, Doctor for read-only diagnosis, SysOps for triage and rollback. Your team controls access through role-based permissions and SSO, and every action lands in the audit trail.

Is on-prem really supported?

Yes, under separate terms — it involves your infrastructure standards, so it starts as a conversation with sales rather than a checkbox. Serious production programs start at USD 10,000 per year; private VPC and on-prem are scoped on top of that.

Does governance weaken on private deployments?

No. Guardrails policies, QA gates, security testing and the append-only audit trail apply regardless of target. The point of the design is that compliance never has to choose between the boundary and the loop.

Related pages

See the whole delivery loop in one demo.

Deployments: Run AI-Built Apps Anywhere | Ciao