Aptible hosts your application on their managed infrastructure. Convox deploys into your own AWS account. With Convox, patient data never leaves your VPC — encrypted with your KMS keys, logged by your CloudTrail, governed by your IAM policies. When auditors or enterprise customers ask where data lives, BYOC is a stronger answer than any vendor-hosted alternative.
Aptible charges a premium for compliance-first branding and managed infrastructure. Convox delivers the same Heroku-like deployment experience — define services in convox.yml, run convox deploy — at a fraction of the cost. You pay for Convox plus your own AWS bill, which you control and optimize directly. No vendor markup on compute.
Need to serve federal health contracts in AWS GovCloud? Convox deploys there with the same workflow. Aptible cannot. For digital health companies pursuing VA, DoD, or CMS contracts, this is a structural capability gap. Convox is the only PaaS in this weight class that supports GovCloud regions.
Aptible provides a BAA because they process your data on their infrastructure. Convox doesn't need one — your data never touches Convox systems. After initial provisioning, Convox has zero access to your workloads, credentials, or patient data. The BYOC model eliminates the data processing relationship entirely, simplifying your compliance posture.
Aptible locks you into their infrastructure. Convox deploys to AWS, GCP, Azure, and DigitalOcean — including AWS GovCloud. Switch clouds or run multi-region without changing your deployment workflow. Your convox.yml works the same everywhere, giving your team portability that Aptible's managed model cannot offer.
With Aptible, you're a tenant on their platform. With Convox, you own the VPC, subnets, security groups, and load balancers. Need custom networking, VPC peering, or direct integration with other AWS services? It's your account — configure it however your compliance and engineering teams require. No support tickets to a vendor for infrastructure changes.
