Visca

Visca Cloud · delivery

One stack. Your perimeter or ours.

Visca Cloud is not a second product — it is how the one stack is delivered. Run it managed in a Visca-operated tenancy, or ship it into your own perimeter, sovereign or air-gapped. In every shape the stack is identical: identity, credentials, runtime, and audit inside the boundary, maintained by its own operator agents, on the same ledger.

What ships

The whole stack, with its operators in the box.

Every delivery includes the four answers a security review demands — who is this agent, what can it touch, where is the record — and the agents that keep the stack alive. Not a dozen components with separate auth, data models, and upgrade cycles. One system, the same in development and production.

Delivery shapes

Three ways to run it. The same stack in every one.

Only where the stack runs and who holds the boundary changes. In every shape the operators are agents and the ledger is the same — move between shapes without rebuilding.

Managed

Visca-operated

A dedicated, single-tenant deployment of the stack in a Visca-operated boundary. Your data, your region, your keys. The fastest path from evaluation to production.

In your perimeter

Sovereign

The stack ships into your infrastructure and runs inside your walls. The operator agents come with it — deploying, upgrading, patching, rotating credentials, answering incidents — so self-hosting doesn't mean inheriting an ops team.

Air-gapped

No outbound dependency

In-perimeter with no outbound dependency on Visca. Updates arrive as signed offline packages; the operators apply them inside. For defense, critical infrastructure, and isolated facilities.

Compliance roadmap

Evidence first. Certifications follow.

When every operation — including maintenance — is a principal acting within a scope on one ledger, the evidence auditors ask for is a byproduct of running the stack, not a separate program. The architecture is in place. The certifications are not yet, and we say so.

Status, v0.1: Visca has not completed any formal compliance certification. The stack is architected against the frameworks below, with audits planned. We will list completion dates here as each is achieved.
SOC 2 Type IITargeted
ISO 27001Targeted
HIPAA (BAA)Targeted
GDPR alignmentTargeted
CCPA / CPRA alignmentTargeted
FedRAMPRoadmap

Wherever it runs, it answers the same questions.

Who is this agent, what can it touch, where is the record — the answers don't change when the perimeter does.