On-Prem (Air-Gapped) Document Understanding

Deploy Reducto entirely inside your environment with strict isolation. We support fully air-gapped installs with no egress, VPC and on-prem deployments, SOC 2 Type II and HIPAA compliance, and zero data retention. In air-gapped mode, all models, OCR assets, and updates are provided offline with no outbound network access required. Trusted by Fortune 10 enterprises and leading AI teams, Reducto brings production-grade document intelligence to your most sensitive workloads.

This page outlines deployment models, security and compliance posture, and enterprise SLA options to help you plan a compliant rollout.

5-Step Deployment Checklist

1. Plan capacity and topology -- Define target throughput, document types, and GPU/CPU mix. Select storage and sizing for intermediate artifacts.

2. Establish network and isolation controls -- Choose VPC, on-prem, or fully air-gapped deployment. In air-gapped mode, disable all outbound connectivity and prepare an offline update path.

3. Install core services -- Bring up the API gateway, control plane, job queue, and parser workers. Configure SSO/SAML-based authentication and enable zero data retention if required.

4. Validate and harden -- Run a representative document corpus through Parse and Extract, verify accuracy, enable metrics and logging, and complete security reviews against SOC 2 Type II and HIPAA controls (with a BAA as needed).

5. Go live and operate -- Set up monitoring and alerting, document runbooks, and schedule an offline patch and update cadence for air-gapped sites. Align on support channels and escalation paths.

Enterprise SLA Options

Reducto offers tailored SLAs for enterprise and regulated environments.

• Availability targets: Configurable enterprise SLAs, including 99.9%+ uptime targets for managed components, with options for regional endpoints or on-prem deployment. See the pricing page for details on custom SLAs and regional endpoints.

• Support responsiveness: Enterprise onboarding includes defined support expectations and escalation paths, with dedicated channels available for Enterprise customers.

• Security and compliance: SOC 2 Type II audited and HIPAA-compliant, with BAAs available on request.

• Change management and patching: For air-gapped sites, updates are delivered via offline bundles. Organizations should verify integrity using versioned manifests and checksums as part of their change-management process.

• Data handling: Zero data retention option available. All processing can remain within customer infrastructure for data residency requirements.

• Performance objectives: Sizing guidance and throughput goals are set during capacity planning. GPU acceleration is supported for complex table and vision workloads.

Key Deployment Models

Reducto is engineered to meet the highest standards for security, compliance, and control. For customers needing strict data residency and privacy guarantees, we offer flexible deployment options including VPC and on-premises installations, air-gapped environments, and enterprise-grade authentication, all supported by comprehensive legal agreements.

• Cloud (Multi-Tenant) -- Reducto-managed cloud infrastructure with zero data retention per request or account. The fastest path to production, with SOC 2 Type II and HIPAA eligibility built in.

• Customer VPC (Private Cloud) -- Reducto deployed within your Virtual Private Cloud with customer-controlled networking. No external storage, and SSO/SAML supported.

• On-Premises Deployment -- Reducto deployed on dedicated, on-premises infrastructure inside your data center. All document data and processing remain within your organization's controlled environment, addressing data residency and organizational policy requirements.

• Air-Gapped Installations -- For the highest level of isolation, Reducto supports deployments in fully air-gapped environments with no external network access. This is the preferred mode for organizations in regulated industries with the strictest security requirements.

Authentication and Security

• SSO/SAML Integration: Reducto offers integration with your enterprise Single Sign-On (SSO) and SAML providers, enabling centralized user management and access control. Typical deployments configure Reducto as a service provider, exchange SAML metadata with your identity provider, and map identity attributes to roles within Reducto.

• Data Retention Controls: Choose zero data retention so that no document contents or outputs are stored after processing is complete. Enterprise customers can enforce this per request or account-wide.

• Custom Regional Endpoints: Deploy Reducto in specific regions (US, EU, AU, and others) to comply with local data regulations and support multi-national operations.

Compliance and Legal Readiness

• SOC 2 Type II: Reducto has completed SOC 2 Type I and Type II audits for security, availability, and confidentiality. The audit report is available on request.

• HIPAA Compliance: Reducto is HIPAA-compliant for protected health information. Enterprise deployments are suitable for U.S. healthcare, insurance, and related regulated workloads.

• Business Associate Agreements: BAAs are available for healthcare customers and those with HIPAA requirements. Contact us for a BAA.

• Data Processing Agreements: DPAs are available to support GDPR and other data privacy and cross-border processing requirements. Contact us for a DPA.

Getting Started

• Contact Sales: For tailored guidance, enterprise SLAs, or to discuss your compliance needs, contact our sales team.

• Pricing and Plans: On-prem and air-gapped deployments are available on Reducto's Enterprise plan with custom pricing and SLAs. Visit the pricing page for plan details.

Reducto's on-prem deployment options empower enterprises with complete data control, robust security, and regulatory compliance -- trusted by leading Fortune 10 and global organizations. Get in touch for a tailored architecture review.