ProjexCloud

Features

Everything you need to ship multi-tenant SaaS without rebuilding the plumbing every quarter. Pick what you use; the rest is opt-in.

Identity

Six-layer identity stack

Every JWT carries six scopes: Master Person, App Identity, Tenant Membership, Persona, Encounter, Relationship. The platform filters every read and write through those scopes — there is no path to another tenant's data, even by accident.

  • Self-serve signup mints all six layers in one round trip.
  • Social IdP (Google, Microsoft, Apple), SAML SP, SCIM 2.0 user provisioning.
  • MFA challenge + step-up auth, impersonation grants with approval flow + audit.
  • OIDC discovery + JWKS endpoints out of the box.

Encryption

Customer-managed keys (BYOK / CMEK)

Tenants on the Pro and Enterprise tiers bind their own AWS KMS, GCP KMS, or HSM (PKCS#11) key to wrap the platform's Tenant Key envelope. Revoke the grant on your KMS and this tenant's data becomes undecryptable platform-wide within 30 seconds. The kill-switch your auditors keep asking about.

  • Four-tier vault hierarchy: Platform KEK → Tenant KEK → DEK → Per-resource keys.
  • SIEM forwarding hooks so all key-usage events stream to the customer's SOC.
  • Cryptographic shredding for right-to-be-forgotten and time-bound retention.
  • Tenant-level rotation with a 10-minute grace window so config swaps don't cause an outage.

AI Gateway

Governed multi-provider AI (BYOK Q3 2026)

One endpoint, four providers (OpenAI, Anthropic, Bedrock, Gemini). Every call goes through PII redaction, per-tenant routing rules, soft-cap and hard-cap budgets, and a Langfuse trace. Bringing your own AI provider keys is the next step.

  • Streaming + non-streaming completions, model allowlists, cost passthrough + margin.
  • Per-tenant route rules: send PHI prompts to a HIPAA-covered model, everything else to Frontier.
  • Circuit breakers per provider so a Bedrock incident doesn't cascade.
  • BYOK for AI provider keys: rolling out Q3 2026; tenants on their own key pay only the governance SKU.

Audit

Append-only audit chain

Every admin-side action — member added, key revoked, policy changed, AI completion run — appends to a per-tenant SHA-256-chained ledger. Verify the chain on demand. Export to PDF or JSON. Survives a courtroom.

  • Three retention classes: transient (7d), operational (90d), regulated (7y).
  • Independent per-tenant chain heads so a chain break is locally contained.
  • Cross-system trace IDs link audit rows to Langfuse, OpenTelemetry, and provider invoices.
  • Background verifier scheduler scans chains on a configurable cadence; alarms on break.
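
The chained ledger and independent per-tenant heads described above, sketched as an added example (not ProjexCloud's code). The entry fields, canonical-JSON hashing, all-zero genesis value and function names are assumptions, since the page does not publish the ledger format.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed "previous hash" for the first entry of a chain

def entry_hash(prev, tenant, action, ts):
    # Canonical JSON so the same fields always hash to the same digest.
    body = json.dumps({"prev": prev, "tenant": tenant, "action": action, "ts": ts},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()

def append(ledger, tenant, action, ts):
    """Append to the tenant's own chain and return the new chain head."""
    chain = ledger.setdefault(tenant, [])
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"tenant": tenant, "action": action, "ts": ts, "prev": prev,
                  "hash": entry_hash(prev, tenant, action, ts)})
    return chain[-1]["hash"]

def verify_chain(chain, expected_head):
    """Return None if intact, else (index, reason) for the first break."""
    prev = GENESIS
    for i, e in enumerate(chain):
        if e["prev"] != prev:
            return (i, "prev-link mismatch")
        if e["hash"] != entry_hash(prev, e["tenant"], e["action"], e["ts"]):
            return (i, "entry hash mismatch")
        prev = e["hash"]
    if prev != expected_head:  # catches truncation or a fully recomputed chain
        return (len(chain), "head mismatch")
    return None

def verify_all(ledger, heads):
    """Verify each tenant chain independently against its stored head."""
    return {t: verify_chain(c, heads.get(t, GENESIS)) for t, c in ledger.items()}

def build_sample():
    # Constructed sample events, not real platform data.
    ledger, heads = {}, {}
    for tenant, action, ts in [
        ("tenant-a", "member.added", "2026-01-05T10:00:00Z"),
        ("tenant-b", "policy.changed", "2026-01-05T10:01:00Z"),
        ("tenant-a", "key.revoked", "2026-01-05T10:02:00Z"),
        ("tenant-a", "ai.completion", "2026-01-05T10:03:00Z"),
    ]:
        heads[tenant] = append(ledger, tenant, action, ts)
    return ledger, heads

if __name__ == "__main__":
    ledger, heads = build_sample()
    ledger["tenant-a"][1]["action"] = "key.rotated"  # simulated tampering
    print(verify_all(ledger, heads))
```

The head comparison only detects truncation or a fully rewritten chain if the expected head is kept somewhere the ledger writer cannot modify.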

Vertical Packs

Composed verticals, not raw SDKs

Healthcare, FinServ, RevOps, Field-service, Public Sector. Each pack composes pre-tested SDKs with compliance attestations and a working starter app. Pick a pack at signup or via /build; the platform pre-installs the right module_subscriptions, seeds demo data, and routes new tenants to the right pool family.

  • Healthcare: sdk-evidence + sdk-consent + sdk-data-rights + hdk-camera, HIPAA + 21 CFR Part 11 mapped.
  • FinServ: sdk-audit + sdk-approval + sdk-policy + sdk-sovereign, SOX + PCI-DSS mapped.
  • RevOps: sdk-crm + sdk-engagement + sdk-lead-scoring + sdk-campaign + connector-salesforce.
  • Field-service: sdk-dispatch + sdk-assignment + sdk-storm + hdk-map + hdk-camera.
  • Public Sector: sdk-sovereign + sdk-onprem + sdk-data-rights, FedRAMP-Moderate / StateRAMP mapped.

AI Build

From prompt to running app

At /build inside the tenant workspace, describe the application in plain English. The cloud agent matches your prompt to a vertical blueprint, asks two or three clarifying questions, scaffolds the app inside an isolated sandbox in your tenant pool, runs migrations, seeds demo data, and hands you a working URL.

  • Powered by sdk-agent-runtime + sdk-ai-gateway, scoped to the blueprint catalog.
  • Local CLI alternative (projex init / install / deploy) drops .claude/mcp.json or cursor.mcp.json so any AI coding tool gets full SDK discovery via MCP.
  • Every scaffold writes to your audit ledger so platform staff can't silently change your app.

Deployment

Single-region to sovereign

Starter and Pro run on shared multi-region infrastructure. Enterprise opens active-active across regions, sovereign region pinning (EU, UK, FedRAMP, StateRAMP, IL5, PIPL), and air-gapped on-prem bundles for the deployments that legally cannot use shared cloud.

  • Pool-based horizontal scaling — no sharding, no manual capacity planning.
  • Active-active multi-region with chaos drills as a first-class operation.
  • Sovereign regions with attestation issuance and leak-alert audit events.
  • On-prem bundles with rollback support and local-LLM provider resolver.

Ready to try it?

14-day free trial, no credit card. See pricing or read getting started.