> ## Documentation Index
> Fetch the complete documentation index at: https://docs.cognisafe.uk/llms.txt
> Use this file to discover all available pages before exploring further.

# Self-hosting overview

> Run Cognisafe inside your own infrastructure.

## Why self-host

* **Data sovereignty**: LLM request and response payloads never leave your network. All logging, scoring, and storage happens on infrastructure you control.
* **Regulated industries**: Healthcare, finance, and government environments often prohibit sending data to third-party SaaS. Self-hosting satisfies those requirements.
* **Air-gapped deployments**: Cognisafe works entirely on-premises with local LLMs via Ollama. No outbound internet required (optional even for safety scoring).
* **Custom data retention**: Configure PostgreSQL retention policies to match your compliance requirements — Cognisafe does not impose its own retention limits.

## What you deploy

The full Cognisafe stack consists of six services:

| Service         | Technology               | Role                                                        |
| --------------- | ------------------------ | ----------------------------------------------------------- |
| `proxy`         | Go                       | OpenAI-compatible reverse proxy; logs every LLM call        |
| `api`           | Python / FastAPI         | REST API, Stripe billing webhooks, rate limiting            |
| `safety_worker` | Python / PyRIT           | Async safety scorer; reads from Redis, writes to PostgreSQL |
| `web`           | Next.js 14               | Dashboard UI — requests, safety scores, billing             |
| `postgres`      | PostgreSQL / TimescaleDB | Primary datastore                                           |
| `redis`         | Redis                    | Job queue (`safety_score_jobs`)                             |

You own and operate all of these. Cognisafe is fully open-source under the MIT licence.

## Deployment options

<CardGroup cols={2}>
  <Card title="Docker Compose" icon="docker" href="/self-hosting/docker-compose">
    The fastest way to run the full stack. Suitable for a single VM, local development, or a small team. Up in under 5 minutes.
  </Card>

  <Card title="Kubernetes / Helm" icon="dharmachakra" href="/self-hosting/kubernetes">
    Production-grade deployment via Railway or your own Kubernetes cluster. Horizontal scaling, managed databases, auto-deploy on git push.
  </Card>
</CardGroup>

## Minimum requirements

| Resource   | Minimum | Recommended                        |
| ---------- | ------- | ---------------------------------- |
| CPU        | 2 cores | 4 cores                            |
| RAM        | 4 GB    | 8 GB                               |
| Disk       | 20 GB   | 100 GB (depends on request volume) |
| PostgreSQL | 14+     | TimescaleDB 2.x on PG 16           |
| Redis      | 6+      | 7+                                 |

The safety worker is the most CPU-intensive component when running multiple scorers concurrently. Scale it independently with `--scale safety_worker=N`.

## Environment variables

All services are configured via environment variables. See the [full reference](/self-hosting/environment-variables) for every variable, which service uses it, and whether it's required.
