Tech USP: Kumiko apps are standard Bun containers. They run where you decide — on our infrastructure, on yours, or on an air-gapped box in your basement. The same code, the same data model, the same audit trail. Where it runs is a deployment decision, not a product decision.
Buyer’s view: “Our compliance officer wants the data in our own data center, our developers want fast iteration, and our CFO wants to know where the bill comes from.” — three different concerns, three different people, one product. Pick the mode that fits, switch when it doesn’t.
Three modes, your choice
| Mode | What it is | Audience |
|---|---|---|
| Hosted | We run it on our EU infrastructure. Click → live in under 2 minutes. | Solo founders, mid-market without DevOps capacity |
| Self-host | You run it on your cloud (Hetzner, AWS-EU, your private cloud, Kubernetes). We ship the build, you ship to production. | Mid-market with DevOps, agencies, indie devs who want full control |
| On-prem | You run it inside your own data center. Air-gapped works too. Zero outbound dependency on us. | Regulated industries, public-sector contracts, paranoid-by-policy enterprises |
Switching modes later is straightforward — same containers, same database format. Hosted today, self-hosted next year? Export, deploy, point DNS. We help.
EU hosting reality
For the hosted option, your app and database run on Hetzner Cloud in your chosen EU region. Pick yourself or let us pick. Backups stay in EU storage. We use Cloudflare for DNS and edge caching but no data is stored at Cloudflare — it’s a routing layer, not a database.
No US transfer. No Schrems-II detour. No “but our CDN provider has US data centers” surprise.
For self-hosted and on-prem, this is whatever you decide. You pick the region, you pick the provider, you pick whether anything leaves your network at all.
Admin without exposed ports
For the hosted option, the servers running your app have no public SSH port. Not closed-by-firewall, not behind fail2ban — not exposed at all. Admin access is over a private VPN that only authorized operators can connect to.
What this means in practice:
- Brute-force scans hit a closed port and bounce. We’re not in the SSH-honeypot business.
- Compromise of a single ops machine doesn’t grant access — the VPN keys are per-operator.
- Audit logs show who connected and when — every admin session is traceable.
For self-hosted, you decide your own admin posture. We document the same setup so you can replicate it if you want.
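For self-hosters replicating this posture, the sketch below checks that the admin port is bound only to loopback or the VPN interface, rather than listening publicly behind a firewall. It is an added example, not Kumiko tooling; the admin port (22) and the VPN address prefix (10.8.0.) are assumptions, and the listener lines are constructed samples in `ss -H -tln` format.

```shell
#!/bin/sh
# Added example, not Kumiko code. Assumptions: admin port 22, VPN addresses
# start with 10.8.0. (both overridable), input is `ss -H -tln` output.
ADMIN_PORTS="${ADMIN_PORTS:-22}"
VPN_PREFIX="${VPN_PREFIX:-10.8.0.}"

# Reads listener lines on stdin; prints "EXPOSED addr:port" for every admin
# listener bound to anything other than loopback or a VPN address.
exposed_admin_listeners() {
  awk -v ports="$ADMIN_PORTS" -v vpn="$VPN_PREFIX" '
    BEGIN { n = split(ports, p, ","); for (i = 1; i <= n; i++) admin[p[i]] = 1 }
    $1 == "LISTEN" {
      la = $4; cut = 0
      # Split on the LAST colon so bracketed IPv6 such as [::]:22 parses.
      for (i = length(la); i > 0; i--)
        if (substr(la, i, 1) == ":") { cut = i; break }
      if (cut == 0) next
      addr = substr(la, 1, cut - 1); port = substr(la, cut + 1)
      if (!(port in admin)) next                      # not an admin port
      if (addr ~ /^127\./ || addr == "[::1]") next    # loopback only
      if (index(addr, vpn) == 1) next                 # bound to the VPN
      print "EXPOSED " addr ":" port
    }'
}

# Constructed sample: sshd left on its default wildcard bind.
sample_wildcard() {
  cat <<'EOF'
LISTEN 0 128  0.0.0.0:22    0.0.0.0:*
LISTEN 0 128  [::]:22       [::]:*
LISTEN 0 511  *:443         *:*
LISTEN 0 4096 127.0.0.1:5432 0.0.0.0:*
EOF
}

# Constructed sample: sshd bound to the VPN interface address only.
sample_vpn_only() {
  cat <<'EOF'
LISTEN 0 128  10.8.0.1:22   0.0.0.0:*
LISTEN 0 511  *:443         *:*
LISTEN 0 4096 127.0.0.1:5432 0.0.0.0:*
EOF
}

echo "wildcard bind:"; sample_wildcard | exposed_admin_listeners
echo "vpn-only bind:"; sample_vpn_only | exposed_admin_listeners
# On a real host: ss -H -tln | exposed_admin_listeners
```

Empty output for a host means no admin listener is bound outside loopback and the VPN range; any `EXPOSED` line is a socket that only a firewall rule stands in front of.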
What’s built in
- Multi-stage build — kumiko-build produces dist/ (client) + dist-server/ (~1 MB server bundle), 7 native externals documented
- Pre-deploy migrate — kumiko migrate apply as an ephemeral container step
- Boot gate — missing migrations or tables → container exits with a clear error. No silent auto-heal in production
- API/Worker mode split — split your app into web-facing and background-job containers when load demands it
- Per-instance consumer delivery — caches stay in sync across replicas without you wiring up the plumbing
Custom domain on your terms
Hosted apps ship with a default URL on our platform. From the Pro tier upward, you bring your own domain — tools.acme.de, intern.muster-ag.de — and we handle the certificate. Your customers see your brand, not ours.
For self-hosted and on-prem, the domain is whatever you point at the box. There’s no “Kumiko-branded URL” anywhere in the code.
Architecture deep dive
- hosting-stack — Coolify/k8s/bare-metal setups
- migrations — per-app migration story
- scaling — API horizontal, worker as separate processes
- lifecycle — startup phases, graceful shutdown
Reference: samples/showcases/publicstatus/deploy/ (Dockerfile + docker-compose + GHA workflow).
Where this lands in the pitch
- EU mid-market: “Data stays with you, on-prem is real, no US-cloud sneak-attack.” — true on every mode
- Indie hackers: Hosted at a sane price, or self-host on a Hetzner box for €5/month if you’d rather pay in attention than money
- Regulated industries: On-prem with zero outbound dependency, your auditor sleeps tonight