Skip to content

Governance That Stays Inside Your Boundary

Run the cajeX data plane in your own cloud account for full data residency control. The same platform, deployed where your regulations require.

Start Free

Data Residency by Construction

Bring-Your-Own-Cloud: deploy the cajeX data plane inside your own AWS, Azure, GCP, or on-prem environment. The portable runtime ships as a Docker image paired with S3-compatible object storage (AWS S3, MinIO, or any compatible provider), so it runs wherever you can run a container. Your project data, findings, directives, documents, and audit logs never leave the environment you choose. The only outbound call from the data plane is an optional AI review API — which you can disable entirely if your data residency policy prohibits external processing.

  • Bring-Your-Own-Cloud: run the data plane in your AWS, Azure, GCP, or on-prem environment
  • Portable runtime ships as a Docker image with S3-compatible storage (AWS S3, MinIO, and compatible)
  • Runs in any region and any account you control
  • AI review features can be disabled to keep all data local
app.cajex.ai
Workspace settings view

Control Plane / Data Plane Split

The control plane (identity, billing, platform admin) runs on Cloudflare. The data plane — everything that touches customer architecture data — runs inside your boundary. One codebase, two deployment targets: the same features are available whether you run on our managed SaaS or a private data plane.

  • Customer data handled exclusively by the data plane in your cloud
  • JWT-based auth; control plane never sees project content
  • Same feature set as managed SaaS — no feature gaps to accept
  • Per-workspace or per-customer data planes supported
app.cajex.ai
Leadership dashboard

Immutable Audit Trails

Every review decision, comment, status change, and approval is recorded with immutable timestamps and user attribution. Export a complete chain of custody for auditors instead of assembling evidence from email threads and meeting notes.

  • Immutable event log for every governance action
  • User attribution with SSO identity verification
  • GDPR-aligned data export and right-to-erasure workflows
  • Scoped to your data plane — logs stay in your boundary
app.cajex.ai
Findings list view

Workspace Isolation & Access Control

Complete data isolation with composite partition keys enforced by workspace-aware middleware on every API request — not just row-level filters. Role-based access control, enterprise SSO via OIDC and SAML, and SCIM provisioning keep access tight enough for regulated environments.

  • Composite partition keys on every database table
  • Middleware-enforced isolation on every API request
  • Enterprise SSO via OIDC and SAML — native Entra ID integration plus generic OIDC for Okta and other providers
  • SCIM 2.0 for automated user lifecycle management
app.cajex.ai
Architecture directives view

Bring cajeX Inside Your Boundary

Talk to us about deploying the data plane into your AWS, Azure, GCP, or Kubernetes environment.

Start Free