Hosted vs Self-Hosted
Deployment options for Guardrail Layer — choose between a fully managed service or running the enforcement engine inside your own infrastructure.
Deployment Philosophy
Guardrail Layer is designed so that deployment choice does not affect enforcement guarantees.
The same policy model, redaction logic, and enforcement pipeline apply regardless of where Guardrail Layer runs.
Hosted (Managed)
The hosted deployment is a fully managed Guardrail Layer environment operated by us.
What We Handle
- Infrastructure and scaling
- High availability and upgrades
- Secure policy storage
- Audit log retention
- Telemetry and monitoring
When Hosted Makes Sense
- You want to move quickly
- You do not want to manage infra
- Your database is already cloud-accessible
- You are evaluating Guardrail Layer
Self-Hosted
The self-hosted deployment allows Guardrail Layer to run entirely within your own infrastructure and security perimeter.
What You Control
- Network placement and isolation
- Database connectivity
- Audit log storage
- Retention policies
- Upgrade cadence
When Self-Hosted Makes Sense
- Strict data residency requirements
- Air-gapped or private networks
- Highly regulated environments
- Custom security controls
Comparison
| Capability | Hosted | Self-Hosted |
|---|---|---|
| Policy Enforcement | ✔ Identical | ✔ Identical |
| Redaction & Query Control | ✔ Included | ✔ Included |
| Audit Logging | ✔ Managed | ✔ Customer-controlled |
| Infrastructure Management | ✔ Fully managed | ✖ Customer-managed |
| Network Isolation | Limited to config | ✔ Full control |
| Upgrade Control | Automatic | Manual |
Security Considerations
Guardrail Layer does not require direct database credentials from the LLM. In both deployment models:
- LLMs never connect directly to databases
- Policies are enforced before execution
- Audit logs capture full decision context
Deployment choice changes operational responsibility — not enforcement strength.
Switching Between Models
Organizations may start with the hosted deployment and later migrate to self-hosted without rewriting policies or metadata.
Guardrail Layer policies are portable by design.