FlatRun is self-hosted by design. No data leaves your infrastructure, no third-party has access, and you stay compliant with GDPR and data sovereignty requirements out of the box.
FlatRun runs entirely on your infrastructure. There is no hosted version, no SaaS backend, and no phone-home telemetry. Your data never touches a server you don't control.
Choose where your data lives. Deploy on servers in your jurisdiction and meet local data residency laws. FlatRun never moves data across borders because it never moves data at all.
Every line of code is auditable on GitHub. No hidden data collection, no proprietary black boxes. You can verify exactly what FlatRun does with your infrastructure.
FlatRun's architecture makes GDPR compliance straightforward. When you control the infrastructure, you control the data.
FlatRun doesn't collect, process, or transmit any of your data. There are no analytics calls, no usage tracking, and no data processor agreements needed with us because we never see your data.
Host FlatRun on servers in Germany, France, the Netherlands, or wherever your data residency requirements dictate. Your data stays in the jurisdiction you choose.
FlatRun uses a file-based architecture with no external database. Deleting a deployment removes all associated data from disk. Full data portability with standard Docker volumes and compose files.
Since FlatRun is fully self-contained on your server, there are no transatlantic data flows to worry about. No Schrems II concerns, no Standard Contractual Clauses needed.
Cloud hosting panels and managed platforms route your data through systems you don't own, in jurisdictions you didn't choose, governed by terms that can change without notice.
FlatRun takes the opposite approach. It's a single binary that runs on your server. Your configuration, your client data, your databases, your backups — everything stays on hardware you control. No vendor has access. No API calls leave your network. No terms of service govern your own data.
For agencies managing client sites, hosting providers serving European customers, or any organization with data residency obligations, this isn't a nice-to-have. It's a requirement.
Guarantee your clients that their site data stays in the region they require. No DPA with a panel vendor needed.
Offer truly sovereign hosting. Your customers' data stays on your infrastructure, under your jurisdiction.
Healthcare, finance, government — meet data localization requirements without workarounds or waivers.
Automatic Let's Encrypt certificates for all deployments. SSL status tracked and monitored across your entire fleet.
No database to compromise. All configuration stored as plain files, easy to audit, backup, and version control.
Each deployment runs in its own Docker container with isolated networking, filesystem, and process space.
Full source code on GitHub. Security issues can be reported and verified by anyone. No security through obscurity.
Single Go binary with no runtime dependencies. Small footprint means fewer things that can go wrong.
Standard Docker volumes and compose files. Back up by copying directories. Restore on any machine running Docker.
Found a vulnerability? We take security issues seriously. Please report them responsibly.
Self-hosted, open source, and built for data sovereignty.