Legal & Trust

Deployment modes

Last updated: April 22, 2026

AI2BI Hub (a product of CostTrail Inc.) is available in four deployment modes, so you can pick the one that matches your data sensitivity, compliance requirements, and budget.

Cloud (shared)

Our managed multi-tenant service at ai2bihub.com. Fastest to start. Best for most teams.

Available today
  • Runs in our AWS production account. Each customer is isolated by tenant ID across S3, DynamoDB, and Cognito.
  • Data flows: your browser → CloudFront → our API (AWS Lambda) → Amazon Bedrock for inference.
  • Sign in with email + password, MFA, or Google SSO.
  • Files are kept in per-tenant S3 prefixes and deleted on request or when the tenant is closed. Short-term encrypted backups are retained for up to 35 days.
Who this fits: Teams with standard operational data. Not recommended for PHI or for data governed by a contract that prohibits third-party hosting.

Private cloud (single tenant)

A dedicated AWS account or VPC for your organization, deployed and operated by CostTrail.

By arrangement
  • Single-tenant AWS account provisioned from our Terraform modules. Your compute, storage, Cognito pool, and Bedrock invocations run in isolation.
  • Customer-managed KMS keys available. VPC peering, PrivateLink endpoints, and egress allow-lists supported on request.
  • Data residency options: US, EU, or APAC regions where Bedrock supports the required models.
  • Incident response, patching, backups, and SOC 2 controls managed by CostTrail under the same program as our shared cloud.
Who this fits: Regulated industries, enterprise procurement requiring single-tenancy, or customers who want bring-your-own-KMS.

On-premises

The Service deployed inside your own data center or VPC. Your data never leaves your perimeter.

By arrangement
  • Deployable to Kubernetes on hardware you control, or to your existing AWS/Azure/GCP accounts without our direct access.
  • Bring-your-own LLM: connect to Bedrock-in-your-account, Anthropic API keys you hold, Azure OpenAI, or self-hosted OSS models (Llama, Mistral, Qwen family).
  • Private document intelligence: RAG over your corpus with no external egress, subject to your firewall rules.
  • Support delivered through your change-management process. Release artifacts shipped as signed container images with SBOMs.
Who this fits: Customers with strict data-residency or air-gap requirements, regulated workloads (finance, healthcare, public sector), or specific BAA needs.

Local Agent (private mode)

Run an agent on your own machine. Your files never upload. The cloud UI acts as a controller for a local worker.

Available today in pilot
  • You install a signed desktop agent on your own Windows, macOS, or Linux machine. The agent reads the files you point it at and runs the AI tool locally.
  • The ai2bihub.com UI is a thin controller: it sends prompts to your agent over an authenticated websocket and renders answers. No file content is transmitted or stored on our servers.
  • Inference can run against a local model or against Bedrock/Anthropic/OpenAI keys that you hold. We never see your API keys.
  • You can pause, revoke, or uninstall the agent at any time. Revocation is immediate — the controller can no longer reach your machine once the agent is stopped or the session token is revoked.
  • Transparent logging: the agent logs every file access and prompt locally in a file you control.
Who this fits: Users who want the product experience without uploading files — for example, working with sensitive client spreadsheets, regulated documents, or ad-hoc personal data where a cloud upload is a non-starter.
Important:
  • The Local Agent is governed by our Terms of Service and by separate Agent Terms that cover remote access, revocation, and on-machine logging. You must consent each time a new session is established.
  • The Agent cannot be used by third parties to access your machine. Only you, signed into your AI2BI Hub account on the controller UI, can open a session to your own agent.
  • We receive telemetry about agent health and error rates, but not the content of files or prompts.

Not sure which mode fits?

For most teams, the shared cloud is the right start. If your data is regulated or your contracts prohibit third-party hosting, talk to us about private-cloud or on-prem. If you specifically want to keep files on your own machine, try the Local Agent.