Five deployment options

From fully managed SaaS to self-managed deployments, plus dedicated services and custom engineering for complex requirements.

Online Hosted (SaaS)

Fast time-to-value. We operate, you define policies.

Managed Private (Deployment)

Private isolation with managed operations. White-label available.

Self-Managed (Deployment)

Maximum control in your infrastructure.

Dedicated Services (Add-on)

Enablement, policy design, integrations.

Custom Engineering (Project)

Tailored implementations for complex needs.

INCLUDED

All packages include both NLP Engine and Pattern Engine detection modes at no additional cost.

Who does what?

Clear responsibility boundaries for each deployment option.

PROVIDER: anonymize.solutions handles this
CLIENT: Your team handles this
SHARED: Joint responsibility
FLEXIBLE: Client decides scope
OPTIONAL: Available as add-on

Responsibility / Task | Online Hosted (SaaS) | Managed Private Deployment | Self-Managed Deployment | Dedicated Services | Custom Engineering

Operations & Infrastructure

Application Operations (Run)
Application Operations: Day-to-day operation of the anonymization platform: API services, web interface, background jobs, and application health. Includes starting/stopping services, log management, and ensuring application availability.
Online Hosted (SaaS): PROVIDER; Managed Private: PROVIDER; Self-Managed: CLIENT; Dedicated Services: FLEXIBLE; Custom Engineering: FLEXIBLE

Infrastructure / Hosting
Infrastructure & Hosting: Physical or cloud server provisioning, compute resources (CPU, RAM), storage allocation, and data center selection. Platform runs on Debian Linux 12+ with support for bare metal, VMs, or containers.
Online Hosted (SaaS): PROVIDER; Managed Private: SHARED; Self-Managed: CLIENT; Dedicated Services: FLEXIBLE; Custom Engineering: FLEXIBLE

Network / Firewall / VPC / VNet
Network & Security Groups: Network configuration including firewall rules, Virtual Private Cloud (VPC) or VNet setup, security groups, ingress/egress rules, and network isolation. All connections encrypted with TLS 1.2+.
Online Hosted (SaaS): PROVIDER; Managed Private: SHARED; Self-Managed: CLIENT; Dedicated Services: FLEXIBLE; Custom Engineering: FLEXIBLE

Updates & Patches
Updates & Patches: Operating system security patches, application version updates, dependency updates, and scheduled maintenance windows. Includes both security-critical and feature updates to the anonymization engine.
Online Hosted (SaaS): PROVIDER; Managed Private: PROVIDER; Self-Managed: CLIENT; Dedicated Services: FLEXIBLE; Custom Engineering: FLEXIBLE

Monitoring & Alerting
Monitoring & Alerting: System health monitoring, performance metrics (CPU, memory, disk, API latency), uptime tracking, and incident alerting. Includes log aggregation and anomaly detection for security events.
Online Hosted (SaaS): PROVIDER; Managed Private: SHARED; Self-Managed: CLIENT; Dedicated Services: FLEXIBLE; Custom Engineering: FLEXIBLE

Backups / Disaster Recovery
Backups & Disaster Recovery: Configuration backups, encryption key backups (if applicable), database snapshots, and disaster recovery procedures. Note: User text data is never stored - only configuration and metadata are backed up.
Online Hosted (SaaS): PROVIDER; Managed Private: SHARED; Self-Managed: CLIENT; Dedicated Services: FLEXIBLE; Custom Engineering: FLEXIBLE

Security & Compliance

Data Residency (Policy/Region)
Data Residency: Geographic location where data is processed and stored. Default: Germany (Hetzner, ISO 27001 certified). All processing within EU. GDPR compliant. Custom regions available for Managed/Self-Managed deployments.
Online Hosted (SaaS): PROVIDER (Options); Managed Private: SHARED; Self-Managed: CLIENT; Dedicated Services: FLEXIBLE; Custom Engineering: FLEXIBLE

IAM / SSO (OAuth / Enterprise)
Identity & Access Management: Single Sign-On integration with enterprise identity providers: Microsoft Entra ID (Azure AD), Google Workspace, Okta, or custom SAML/OIDC providers. Includes role-based access control (RBAC) and user provisioning.
Online Hosted (SaaS): OPTIONAL; Managed Private: SHARED; Self-Managed: CLIENT; Dedicated Services: FLEXIBLE; Custom Engineering: FLEXIBLE

Key Management (KMS/HSM)
Encryption Key Management: Storage and management of encryption keys for the Encrypt protection operator. Options include provider-managed keys, customer-managed keys (BYOK), or Hardware Security Module (HSM) integration for Enterprise tier.
Online Hosted (SaaS): PROVIDER; Managed Private: SHARED; Self-Managed: CLIENT; Dedicated Services: FLEXIBLE; Custom Engineering: FLEXIBLE

Zero-Knowledge Setup / Recovery
Zero-Knowledge Architecture: Password-derived encryption using Argon2id key derivation. Passwords never transmitted - only mathematical proofs. 24-word BIP39 recovery phrase for account recovery. Provider cannot access user credentials or decrypt user data.
Online Hosted (SaaS): SHARED; Managed Private: SHARED; Self-Managed: SHARED; Dedicated Services: FLEXIBLE; Custom Engineering: FLEXIBLE

Data Classification & Governance
Data Classification & Governance: Defining data sensitivity levels, retention policies, and compliance requirements for your organization. Selecting which entity types to detect (260+ available) and which protection operators to apply per data category.
Online Hosted (SaaS): CLIENT; Managed Private: CLIENT; Self-Managed: CLIENT; Dedicated Services: FLEXIBLE; Custom Engineering: FLEXIBLE

Security Reviews / Audits (Internal)
Internal Security Audits: Your organization's internal security assessments, penetration testing, compliance audits (SOC 2, ISO 27001), and vendor security reviews. Provider supplies audit logs, security documentation, and DPA/BAA agreements.
Online Hosted (SaaS): CLIENT; Managed Private: CLIENT; Self-Managed: CLIENT; Dedicated Services: FLEXIBLE; Custom Engineering: FLEXIBLE

Incident Response (Product)
Product Incident Response: Response to security incidents affecting the anonymization product itself: vulnerabilities in detection engine, API security issues, or data leakage in the application layer. Includes CVE tracking and security patches.
Online Hosted (SaaS): PROVIDER; Managed Private: SHARED; Self-Managed: CLIENT; Dedicated Services: FLEXIBLE; Custom Engineering: FLEXIBLE

Incident Response (Environment)
Environment Incident Response: Response to infrastructure-level incidents: server breaches, network intrusions, DDoS attacks, or data center issues. Includes forensics, containment, and recovery procedures for the hosting environment.
Online Hosted (SaaS): PROVIDER; Managed Private: SHARED; Self-Managed: CLIENT; Dedicated Services: FLEXIBLE; Custom Engineering: FLEXIBLE

Configuration & Customization

Detection Engine Selection
Detection Engines: Choose between NLP Engine (context-aware, 48 languages, 260+ entities), Pattern Engine (regex-based, checksum validation, ultra-fast), or Hybrid Mode (both engines combined). All packages include both engines at no additional cost.
Online Hosted (SaaS): SHARED; Managed Private: SHARED; Self-Managed: SHARED; Dedicated Services: FLEXIBLE; Custom Engineering: FLEXIBLE

Presets & Anonymization Policies
Presets & Policies: Built-in compliance presets (GDPR, HIPAA, Financial Data) plus custom preset creation. Entity groups include UNIVERSAL, FINANCIAL, DACH, FRANCE, NORTH_AMERICA. Configure which entity types to detect and which protection operators (Mask, Redact, Hash, Encrypt, Replace) to apply.
Online Hosted (SaaS): SHARED; Managed Private: SHARED; Self-Managed: SHARED; Dedicated Services: FLEXIBLE; Custom Engineering: FLEXIBLE

Custom Entities / AI Entity Creation
Custom Entity Definitions: Define custom PII patterns using regex or the AI-assisted entity generator. Create patterns for proprietary identifiers: employee IDs, project codes, internal reference numbers, or industry-specific data formats.
Online Hosted (SaaS): SHARED; Managed Private: SHARED; Self-Managed: SHARED; Dedicated Services: FLEXIBLE; Custom Engineering: FLEXIBLE

Integrations (API/MCP/Office)
Integration Setup: Configuration of REST API access (JWT authentication), MCP Server for AI assistants (Claude, Cursor, Windsurf), Office Add-in (Word, Excel, PowerPoint), Desktop App, and Chrome Extension deployment.
Online Hosted (SaaS): SHARED; Managed Private: SHARED; Self-Managed: SHARED; Dedicated Services: FLEXIBLE; Custom Engineering: FLEXIBLE

Image Anonymization (OCR)
Image Anonymization: Optional OCR-based anonymization for images and scanned documents. Detects and redacts PII in images (JPG, PNG, TIFF). Available as add-on module for Enterprise tier. Includes face detection and license plate blurring.
Online Hosted (SaaS): OPTIONAL; Managed Private: OPTIONAL; Self-Managed: OPTIONAL; Dedicated Services: OPTIONAL; Custom Engineering: OPTIONAL

Support & Services

Onboarding & Enablement
Onboarding & Training: Initial platform setup, configuration guidance, user training, and integration assistance. Includes documentation walkthrough, preset configuration, and best practices for your specific use cases.
Online Hosted (SaaS): PROVIDER; Managed Private: PROVIDER; Self-Managed: OPTIONAL; Dedicated Services: FLEXIBLE; Custom Engineering: FLEXIBLE

SLA / Support
Service Level Agreement: Uptime guarantees, response time commitments, support channels (email, ticket system), and escalation procedures. Enterprise SLAs include dedicated support contacts and priority incident handling.
Online Hosted (SaaS): PROVIDER; Managed Private: PROVIDER; Self-Managed: OPTIONAL; Dedicated Services: FLEXIBLE; Custom Engineering: FLEXIBLE

Custom Features / Adaptations
Custom Development: Modifications to the platform for specific requirements: custom detection algorithms, new protection operators, workflow integrations, or specialized compliance features. Available through Custom Engineering engagement.
Online Hosted (SaaS): Roadmap; Managed Private: OPTIONAL; Self-Managed: CLIENT; Dedicated Services: FLEXIBLE; Custom Engineering: FLEXIBLE

White-Label / Rebranding
White-Label Branding: Rebrand the platform with your logo, colors, domain, and email templates. For MSPs, ISVs, and service providers offering anonymization as their own service. Includes multi-tenant management dashboard.
OPTIONAL FLEXIBLE FLEXIBLE

Which questions determine the right package?

  • Can data leave your environment? → If not, consider Managed Private or Self-Managed.
  • Do you need SSO/IAM integration (Microsoft/Google OAuth)? → Enterprise/Optional feature in most packages.
  • Who should handle updates and monitoring? → SaaS/Managed vs. Self-Managed determines operational responsibility.
  • How much integration/engineering effort is required? → Dedicated Services or Custom Engineering for complex needs.
  • Do you want to offer anonymization as your own service? → Managed Private with White-Label option for service providers.

Need help choosing the right package?

Our team can help you evaluate your requirements and find the deployment model that fits your security and compliance needs.