On-prem deployment is the default, not a premium option. Data boundaries, least privilege, audit logs, and PHI handling are architectural decisions—designed in before any feature is written.
Every Cast Net Technology product is designed to run inside your infrastructure. On-prem deployment means your data—charts, market data, inventory records, accounting logs—is processed locally. It does not traverse the public internet to reach our servers or any third-party service by default.
We do not operate a SaaS data plane that processes your sensitive data. When we build products, we build them to run in your environment, under your control, behind your access policies.
Cloud deployment is available as an option—on infrastructure you control, with network policies you define. That is a different posture from "your data goes to our cloud." We do not offer the latter by default.
Persistent data—PostgreSQL databases, SQLite files, uploaded documents, extracted text, and event logs—resides within your infrastructure. Database access is limited to service accounts with the minimum required permissions.
Inter-service communication within the Docker Compose stack is network-isolated. External API calls are outbound-only, initiated by the system, and carry no inbound PHI or sensitive data unless explicitly configured.
Any integration with external services—listing platforms, broker APIs, third-party data providers—is explicit, documented, and operator-initiated. Integrations are never enabled by default for sensitive data flows. Customers evaluate these against their own data policies.
Our healthcare document intelligence pipeline is designed so that Protected Health Information never leaves the deployment host by default. This is an architectural guarantee, not a policy commitment: the processing pipeline has no external HTTP calls during document ingestion, text extraction, ICD-10 detection, or report generation.
OCR processing, text extraction, detection models, and CMS mapping tables all run locally. No chart content, extracted text, detected codes, or patient-identifiable information is transmitted externally during normal operation.
Customer responsibility. Cast Net Technology deploys the system inside your infrastructure. Access control, network segmentation, backup policies, encryption at rest, and log retention are the customer's responsibility. We provide documentation and deployment guidance; we do not manage your infrastructure.
Cast Net Technology does not represent, certify, or guarantee that any product or deployment meets HIPAA, SOC 2, or any other regulatory standard. Customers are solely responsible for their compliance obligations. The on-prem architecture is designed to support—not guarantee—a defensible data handling posture.
Products are packaged as Docker Compose stacks. Each service (API, workers, database, cache, observability) runs in an isolated container with defined network and volume mounts. The architecture is inspectable, modifiable, and does not depend on proprietary runtime infrastructure.
API Layer: FastAPI + Python
Task Queue: Celery + Redis
Database: PostgreSQL
Deployment: Docker Compose
Network: Isolated bridge
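Because the stack is an inspectable Docker Compose file, an operator can check the isolation claims against the rendered configuration. The following is an added example, not Cast Net Technology's code: it audits the JSON produced by `docker compose config --format json` for services that can reach outside the stack or publish host ports. The service names, network names, and allow-lists are hypothetical, and the sample input is constructed.

```python
import json

# Constructed sample: the shape of `docker compose config --format json` output
# for a hypothetical stack. Service and network names are illustrative only.
SAMPLE_CONFIG = json.loads("""
{
  "services": {
    "api":    {"networks": {"backend": null, "edge": null},
               "ports": [{"target": 8000, "published": "8000"}]},
    "worker": {"networks": {"backend": null}},
    "db":     {"networks": {"backend": null},
               "ports": [{"target": 5432, "published": "5432"}]},
    "ocr":    {"network_mode": "host"}
  },
  "networks": {
    "backend": {"internal": true},
    "edge":    {}
  }
}
""")

def audit_compose(config, allowed_egress=(), allowed_published=()):
    """Return sorted (service, finding) pairs for services that can reach
    outside the stack or that publish ports on the host."""
    networks = config.get("networks") or {}
    findings = []
    for name, svc in (config.get("services") or {}).items():
        mode = svc.get("network_mode")
        if mode:
            # host/container/service modes bypass the per-network checks below.
            if mode != "none":
                findings.append((name, f"network_mode={mode}"))
        else:
            # A service with no networks key joins the implicit "default" network.
            attached = svc.get("networks") or {"default": None}
            for net in attached:
                internal = (networks.get(net) or {}).get("internal", False)
                if not internal and name not in allowed_egress:
                    findings.append((name, f"egress via network '{net}'"))
        if svc.get("ports") and name not in allowed_published:
            findings.append((name, "publishes host ports"))
    return sorted(findings)

if __name__ == "__main__":
    for service, finding in audit_compose(SAMPLE_CONFIG, allowed_egress={"api"},
                                          allowed_published={"api"}):
        print(f"{service}: {finding}")
```

A network marked `internal: true` has no route out of the host, so any service the audit reports is one whose outbound access should match a documented, operator-approved integration.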
User actions, automated pipeline steps, configuration changes, and integration events are logged with timestamps, actor identities, and structured payloads—not just access logs.
For healthcare: every ICD-10 detection, evidence binding, and flag generation includes the source document, page, offset, and model version. The log is the audit trail.
On-prem by default. Least-privilege access. No telemetry. These aren't features we added — they're decisions we made at the beginning that we never undid. If you have a specific security question about one of our products, ask us directly.