Your Cloud, Your Data, Your Audit Trail
Convox Rack deploys directly into your AWS, GCP, or Azure account. After provisioning, Convox never touches your workloads, data, or credentials—your prompts, model outputs, and embeddings stay inside your VPC. CloudWatch captures every interaction for your compliance team, not ours.
MCP Tool Servers for Agentic AI
Deploy Model Context Protocol servers that wrap your internal databases, CRMs, and APIs. Give AI agents controlled access to enterprise systems while your existing IAM policies handle access controls. Run convox deploy and your MCP server is live behind your firewall.
HIPAA, FedRAMP, and SOC 2 Ready from Day One
PHI never leaves your cloud boundary. Deploy into AWS GovCloud for FedRAMP requirements with IAM role isolation ensuring AI services access only what they need. Your team owns the infrastructure attestation—no shared Heroku dynos, no Render/Railway vendor data processing.
Private LLM APIs Without Vendor Risk
Host OpenAI-compatible endpoints, Llama, Mistral, or any model behind your VPC using internal: true in your convox.yml. Unlike Azure OpenAI or AWS Bedrock, your prompts never flow through vendor infrastructure—no BAAs required because the data never leaves your account.
RAG Pipelines Over Internal Documents
Build retrieval-augmented generation on proprietary data with encrypted EBS volumes and RDS for vector databases. VPC-private networking ensures your AI tools query internal APIs without traversing the public internet. Define resources in convox.yml and link them to services automatically.
GPU Scaling for Inference and Fine-Tuning
Enable nvidia_device_plugin_enable on your Rack and specify GPU requirements directly in convox.yml with scale.gpu. Run inference workloads on g4dn instances or fine-tuning jobs on p4d—all within your VPC with autoscaling that responds to your queue depth, not a vendor's SLA.
