On-prem deployment is the default, not a premium option. Data boundaries, least privilege, audit logs, and PHI handling are architectural decisions—designed in before any feature is written.
Every Cast Net Technology product is designed to run inside your infrastructure. On-prem deployment means your data—charts, market data, inventory records, accounting logs—is processed locally. It does not traverse the public internet to reach our servers or any third-party service by default.
We do not operate a SaaS data plane that processes your sensitive data. When we build products, we build them to run in your environment, under your control, behind your access policies.
Cloud deployment is available as an option—on infrastructure you control, with network policies you define. That is a different posture from "your data goes to our cloud." We do not offer the latter by default.
Persistent data—PostgreSQL databases, SQLite files, uploaded documents, extracted text, and event logs—resides within your infrastructure. Database access is limited to service accounts with the minimum required permissions.
Inter-service communication within the Docker Compose stack is network-isolated. External API calls are outbound-only, initiated by the system, and carry no inbound PHI or sensitive data unless explicitly configured.
Any integration with external services—listing platforms, broker APIs, third-party data providers—is explicit, documented, and operator-initiated. Integrations are never enabled by default for sensitive data flows. Customers evaluate these against their own data policies.
The healthcare chart intelligence product is designed so that Protected Health Information never leaves the deployment host by default. This is an architectural guarantee, not a policy commitment: the processing pipeline has no external HTTP calls during document ingestion, text extraction, ICD-10 detection, or report generation.
OCR processing, text extraction, detection models, and CMS mapping tables all run locally. No chart content, extracted text, detected codes, or patient-identifiable information is transmitted externally during normal operation.
Customer responsibility. Cast Net Technology deploys the system inside your infrastructure. Access control, network segmentation, backup policies, encryption at rest, and log retention are the customer's responsibility. We provide documentation and deployment guidance; we do not manage your infrastructure.
Cast Net Technology does not represent, certify, or guarantee that any product or deployment meets HIPAA, SOC 2, or any other regulatory standard. Customers are solely responsible for their compliance obligations. The on-prem architecture is designed to support—not guarantee—a defensible data handling posture.
Products are packaged as Docker Compose stacks. Each service (API, workers, database, cache, observability) runs in an isolated container with defined network and volume mounts. The architecture is inspectable, modifiable, and does not depend on proprietary runtime infrastructure.
Healthcare API: FastAPI + Python
Task Queue: Celery + Redis
Database: PostgreSQL
Crypto Accounting: SQLite (append-only)
Deployment: Docker Compose
Network: Isolated bridge
User actions, automated pipeline steps, configuration changes, and integration events are logged with timestamps, actor identities, and structured payloads—not just access logs.
For healthcare: every ICD-10 detection, evidence binding, and flag generation includes the source document, page, offset, and model version. The log is the audit trail.
For crypto research: the SQLite truth layer is append-only. Order events, fills, config snapshots, and regime transitions are permanently logged and cannot be retroactively modified.
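One way an append-only SQLite event log can be enforced and audited, shown as an added example that is not Cast Net Technology's code: triggers reject UPDATE and DELETE, and a SHA-256 hash chain lets an auditor find a row altered by someone who bypasses the triggers. The table, column, and function names are assumptions made for illustration.

```python
import hashlib
import json
import sqlite3

# Hypothetical schema: each row stores the hash of the previous row.
SCHEMA = """
CREATE TABLE events (
    id        INTEGER PRIMARY KEY AUTOINCREMENT,
    ts        TEXT NOT NULL,
    actor     TEXT NOT NULL,
    payload   TEXT NOT NULL,      -- structured JSON payload
    prev_hash TEXT NOT NULL,
    hash      TEXT NOT NULL
);
CREATE TRIGGER events_no_update BEFORE UPDATE ON events
BEGIN SELECT RAISE(ABORT, 'events is append-only'); END;
CREATE TRIGGER events_no_delete BEFORE DELETE ON events
BEGIN SELECT RAISE(ABORT, 'events is append-only'); END;
"""
GENESIS = "0" * 64  # prev_hash of the first row

def _digest(prev_hash, ts, actor, payload):
    record = json.dumps([prev_hash, ts, actor, payload], separators=(",", ":"))
    return hashlib.sha256(record.encode()).hexdigest()

def open_log(path=":memory:"):
    db = sqlite3.connect(path)
    db.executescript(SCHEMA)
    return db

def append(db, ts, actor, payload):
    """Insert one event chained to the current tail; return its hash."""
    row = db.execute("SELECT hash FROM events ORDER BY id DESC LIMIT 1").fetchone()
    prev = row[0] if row else GENESIS
    body = json.dumps(payload, sort_keys=True)
    h = _digest(prev, ts, actor, body)
    with db:  # commit on success, roll back on error
        db.execute("INSERT INTO events (ts, actor, payload, prev_hash, hash) "
                   "VALUES (?,?,?,?,?)", (ts, actor, body, prev, h))
    return h

def verify(db):
    """Return the id of the first row that breaks the chain, or None."""
    prev = GENESIS
    rows = db.execute("SELECT id, ts, actor, payload, prev_hash, hash "
                      "FROM events ORDER BY id")
    for id_, ts, actor, payload, prev_hash, h in rows:
        if prev_hash != prev or h != _digest(prev, ts, actor, payload):
            return id_
        prev = h
    return None
```

The chain does not reveal rows removed from the end of the log; detecting that requires recording the latest hash somewhere outside the database file.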
On-prem by default, data boundary design, least privilege, and audit logs are not separate security features—they follow naturally from our commitment to governance, provenance, and operator control.
Talk to an engineer about your infrastructure requirements, network constraints, or data handling policies. We'll walk through the architecture in detail.