What if Truto shuts down?
Truto ensures business continuity through profitability, on-prem and self-host deployment options, SOC 2 Type II compliance, and source code access for long-term security.
Truto plays a critical role in our customers' technology infrastructure, often serving as the foundation of their operations. We fully recognize concerns regarding Truto's longevity and are addressing them in the following ways:
Financial Stability
Truto is both bootstrapped and profitable. We are dedicated to this path because it allows us the freedom to develop our product and grow at our own pace, without external funding pressures. Truto is resilient to market conditions or stagnating growth metrics.
Customer Base and Longevity
Our stability is reinforced by our expanding customer base. We're proud to support incredible companies, from startups like Claira and Senja to those with significant backing, such as Sprinto and Spendflo. Their trust not only solidifies Truto but also enhances its value for our broader ecosystem.
Continuity Assurance
For certain clients, we have made contractual commitments to deploy Truto within their infrastructure in the unlikely event of a shutdown, ensuring continuous service and access to the intellectual property as required.
Deployment Options: Truto Cloud vs On-Prem
Truto offers three deployment models so you can choose the right balance of convenience, control, and compliance.
- Truto Cloud - Hosted and operated by us. You get a fully managed service with automatic updates, zero infrastructure overhead, and immediate access to new integrations and unified models. Best for teams that want the fastest path to production.
- Truto On-Prem - Deployed inside your own Virtual Private Cloud (VPC) or data center, with Truto managing the infrastructure on your behalf. The integration layer sits behind your firewall, completely isolating data from external sub-processors. You get the reliability of a managed service with the data sovereignty of on-prem.
- Truto Self-Host - You fully host and manage the solution, giving you complete control. We provide access to Truto's source code, so your engineering team can build upon and customize the platform to your specific needs.
All three models run the same stateless, configuration-driven architecture. API behavior, unified models, and customizable JSONata mappings work identically regardless of where Truto is deployed.
What On-Prem Customers Receive
- Containerized deployment package - Truto ships as a set of container images that can be deployed on any container orchestration platform. Setup typically takes under an hour.
- Network and firewall guidance - We provide documentation covering required outbound connectivity (to reach third-party APIs your integrations call), internal port requirements, and recommended firewall rules. The platform only needs outbound HTTPS to the SaaS APIs you integrate with - no inbound ports need to be exposed to the public internet.
- OAuth and credential management - OAuth tokens, API keys, and other credentials are stored within your infrastructure. Truto refreshes OAuth tokens shortly before they expire, and all secrets stay inside your network boundary.
- Data processing region selection - Choose the region where your instance runs to satisfy data residency requirements. Since Truto's pass-through architecture does not store your customers' data, the compliance footprint stays minimal.
Operational Responsibilities and Support
| Responsibility | Truto Cloud | On-Prem (Managed) | Self-Host |
|---|---|---|---|
| Infrastructure provisioning | Truto | Customer (guided) | Customer |
| Application updates & patches | Truto | Truto | Customer |
| Uptime monitoring | Truto | Shared | Customer |
| Integration config & mappings | Truto | Truto | Customer (source access) |
| Credential storage | Truto | Customer infra | Customer infra |
| SLA guarantee | Yes | Yes | Best-effort |
| Dedicated support channel | Shared Slack, dedicated engineers | Shared Slack, dedicated engineers | Email & docs |
On-Prem (Managed) customers get the same hands-on support as Cloud customers - shared Slack channels, dedicated engineers, and new integrations built on request - while retaining full data sovereignty.
Compliance and Data Residency
Truto is SOC 2 Type II and ISO 27001 compliant, GDPR and HIPAA certified, and adheres to CCPA regulations. All data is encrypted at rest using 256-bit AES encryption and in transit using TLS 1.3.
More importantly, Truto's pass-through architecture means it does not store your customers' data on its platform. API calls are executed in the same request-response cycle with zero data retention in between. This design keeps your compliance scope small: there is no cached database to audit, no retention schedule to manage, and no additional sub-processor storing copies of your customers' records.
For organizations that need complete isolation - regulated industries, government contractors, or companies with strict vendor policies - the on-prem deployment puts the entire integration layer inside your security perimeter. Your InfoSec team audits one environment, not two.
Open-Source Commitment
Why not open-source now? Our pre-built unified models demand significant time and attention to detail. Open-sourcing would require us to broadly distribute our intellectual property, and dedicate resources to building and managing a community — resources we wish to allocate judiciously. Maintaining our competitive advantage in creating superior unified models is also paramount.
Staying true to the open-source movement: We believe that partially open-sourcing our product merely to label ourselves as 'open-source' contradicts the core principles of the open-source community. We are strong believers in the open-source movement and understand the importance of contributing to it with a perspective that extends beyond mere nomenclature.
If you have suggestions on what approach works well for core infrastructure products like Truto, we're all ears. Please write to us at support@truto.one.
FAQ
- Does Truto offer on-prem deployment?
  Yes. Truto ships as container images that deploy inside your VPC or data center. On the managed on-prem plan, Truto handles application updates and integration configs while your team controls the infrastructure and credential storage.
- Is Truto SOC 2 Type II compliant?
  Yes. Truto is SOC 2 Type II and ISO 27001 compliant, GDPR and HIPAA certified, and adheres to CCPA regulations. Its pass-through architecture stores zero customer data, keeping your compliance scope minimal.
- Can I customize Truto's unified APIs with on-prem deployment?
  Yes. All deployment models - Cloud, On-Prem, and Self-Host - run the same configuration-driven architecture. You can customize unified API mappings, add custom fields, and override response schemas using JSONata expressions, regardless of where Truto is hosted.
- What happens to my integrations if Truto shuts down?
  Truto is bootstrapped and profitable, reducing shutdown risk. For additional assurance, certain clients have contractual commitments for on-prem deployment in the unlikely event of a shutdown, and self-host customers receive full source code access.
- Does Truto store my customers' data?
  No. Truto uses a pass-through architecture that executes API calls in real time without caching or persisting your customers' data. This eliminates sub-processor risk and simplifies SOC 2 and HIPAA compliance.