Your code stays
where you need it.
Cloud-hosted for speed. On-premises for control. Air-gapped for the environments where nothing leaves the network.
Three tiers. One platform.
Every tier runs the same ArcLume codebase — same features, same quality. The difference is where it runs and who manages it.
Cloud Hosted
Fully managed by ArcLume on AWS. No infrastructure to set up, no containers to run. Sign up and start mapping your codebase in minutes.
- Zero infrastructure required
- GitHub.com + GitHub Enterprise Cloud
- Linear integration
- Encrypted at rest (AES-256) + HTTPS enforced
- SOC 2 Type II (in progress)
Starter & Business plans
Join the BetaOn-Premises
ArcLume runs entirely on your infrastructure via Docker Compose or Kubernetes. Your code never leaves your network. Outbound HTTPS only for GitHub, Linear, and embedding APIs.
- Code never leaves your network
- GitHub Enterprise Server support
- Choose your embedding provider (Voyage, OpenAI, Bedrock, Ollama)
- SSO/OIDC (Okta, Entra ID, Google, Keycloak)
- Docker Compose or Helm chart
Business & Enterprise plans
Contact SalesAir-Gapped
Zero outbound network connections. Embeddings generated locally via Ollama. Container images delivered as a signed offline bundle. Built for classified, defense, and highly regulated environments.
- No outbound internet required
- Signed offline bundle delivery
- Local embeddings via Ollama
- Offline license validation (JWT)
- FIPS 140-2 compatible on request
Enterprise plan only
Contact SalesSide-by-side comparison
Same platform, different deployment models. Choose the tier that matches your security posture.
| Cloud | On-Premises | Air-Gapped | |
|---|---|---|---|
| Infrastructure managed by | ArcLume | Customer | Customer |
| Code leaves customer network | Yes | No | No |
| Outbound internet required | N/A | Yes | No |
| GitHub.com | ✓ | ✓ | ✗ |
| GitHub Enterprise Server | ✓ | ✓ | ✓ |
| Linear | ✓ | ✓ | ✗ |
| Embedding provider | Voyage AI | Voyage / OpenAI / Bedrock / Ollama | Ollama (local) |
| SSO / OIDC | ✓ | ✓ | ✓ |
| Image delivery | SaaS | GHCR pull | Signed offline bundle |
| License validation | N/A | Heartbeat | Offline JWT |
| Plans | Starter, Business | Business, Enterprise | Enterprise only |
What you need to run ArcLume on-prem
Lightweight requirements. One setup script. Automated upgrades with snapshot rollback.
Hardware
- On-Prem: 4 CPU, 8 GB RAM, 50 GB SSD
- Air-Gapped: 8 CPU, 16 GB RAM, 200 GB NVMe
- Ubuntu 22.04 LTS or RHEL 8+
Software
- Docker Engine 24.0+ & Compose v2.20+
- or Kubernetes 1.27+ with Helm 3.12+
- Postgres 15+ with pgvector (bundled)
Network
- On-Prem: Ports 80/443 in, HTTPS out to GitHub, Linear, embeddings
- Air-Gapped: Ports 80/443 in, no outbound required
Security at every tier
Your code is never used for model training. Every tier is built with enterprise security as a baseline.
TLS everywhere
HTTPS on all connections. Bring your own cert or use Let's Encrypt for on-prem deployments.
Zero access to your code
On-prem and air-gapped: ArcLume has zero access to customer code or data. You own everything.
SSO / OIDC
Okta, Microsoft Entra ID, Google Workspace, Keycloak, and AD FS supported across all tiers.
Minimal container images
Non-root, multi-stage builds for minimal attack surface. Signed manifests for air-gapped delivery.
SOC 2 Type II — in progress
ArcLume is actively working toward SOC 2 Type II certification. Here's what we've built today and where we're headed.
Controls in place today
On the roadmap
Have compliance questions? Reach out to sales@arclume.dev — we're happy to share our full security posture and discuss your requirements.
Ready to deploy ArcLume?
Start with Cloud for free, or talk to our team about on-premises and air-gapped deployments for your organization.
Enterprise includes dedicated onboarding, a named support contact, and 4-hour SLA for P1 issues.