How ADE's containerized VPC deployment isolates document processing within customer infrastructure: architecture, ZDR scope differences, HIPAA, and initiation.
Zero Data Retention guarantees that LandingAI does not store documents after processing. It does not guarantee that documents never leave the organization's own infrastructure during processing. LandingAI ADE addresses this distinct requirement through a containerized application deployable inside the customer's own Virtual Private Cloud, where documents never cross a network boundary outside customer control.
The Distinction Between ZDR and Infrastructure Isolation
ZDR and the VPC containerized deployment address different threat models and are not interchangeable.
ZDR on the hosted SaaS path means documents transit to LandingAI's managed infrastructure (AWS Ohio for US, AWS Ireland for EU), are processed in-memory without storage, and are discarded immediately. No document content is retained at rest on LandingAI systems or sub-processors, but the document does cross a network boundary outside the customer's control.
The containerized VPC deployment means ADE runs entirely inside the customer's own cloud environment on AWS, Azure, or GCP. Documents never leave customer-controlled infrastructure at any point during processing. As documented in the ZDR overview: ADE deployed in a customer VPC maintains zero data retention because it is on the customer's own VPC.
The distinction matters for policies that define "external" as any system outside the organization's own cloud tenant, and for air-gapped environments where outbound network access is prohibited entirely.
What the VPC Deployment Covers
The containerized VPC deployment runs ADE within the customer's own cloud environment (AWS, Azure, or GCP) with LandingAI having no access to document data during processing; per the ZDR documentation, in a VPC deployment the customer's organization is responsible for managing zero data retention on its own infrastructure and any sub-processors it integrates, such as its own LLM API keys.
This is the correct architecture for organizations whose compliance posture requires that the vendor never have access to the data path, not merely that the vendor not store the data. The Security and Compliance page confirms support for air-gapped environments under this deployment model.
HIPAA Applicability in VPC Deployments
Processing PHI under HIPAA in a VPC deployment requires the same two conditions as the hosted path: ZDR enabled and a signed Business Associate Agreement in place with LandingAI.
A BAA is initiated through Organization Settings after ZDR activation and is available on Team and Enterprise plans. See ADE pricing for plan-level detail.
Which Deployment Path Applies
| Requirement | Hosted SaaS with ZDR | Containerized VPC |
|---|---|---|
| No document storage after processing | Yes | Yes, by architecture |
| Document transit stays within organization's cloud | No: transits to LandingAI infrastructure | Yes |
| Air-gapped network environments | No | Yes |
| Vendor has no access to document data during processing | No: LandingAI processes the document | Yes |
| Customer manages own sub-processors | No | Yes: customer is responsible |
| Availability | Team and Enterprise (US); custom plans (EU) | Enterprise plan; contact required |
Initiating the VPC Deployment
The containerized VPC deployment requires an enterprise agreement and is not available through self-service plan upgrade. Contact LandingAI through the enterprise contact page to initiate; the Trust Center contains compliance documentation and security certifications relevant to evaluating the deployment model before engagement.
FAQ
Does a VPC deployment eliminate the need for a BAA when processing PHI? No. Processing PHI under HIPAA requires a signed Business Associate Agreement with LandingAI regardless of deployment model. The BAA covers LandingAI's role as a data processor; the VPC deployment affects where processing occurs, not whether the contractual obligation exists. Both ZDR and a BAA are required, and the BAA is initiated through Organization Settings after ZDR activation.
Who is responsible for data retention controls on sub-processors in a VPC deployment? In a VPC deployment, the customer's organization is responsible for managing zero data retention on any sub-processors it integrates, such as its own LLM API keys. LandingAI is not responsible for ZDR on the customer's infrastructure or the customer's own sub-processors in this model. This differs materially from the hosted ZDR path, where LandingAI guarantees ZDR coverage across the full platform including all LandingAI sub-processors. See the ZDR documentation for the full scope statement.
Is the VPC deployment available as a self-service option? No. The VPC containerized deployment requires an enterprise agreement and cannot be activated through a self-service plan upgrade. Contact LandingAI through the enterprise contact page to initiate the process.
Does the VPC deployment support air-gapped environments with no outbound network access? Yes. LandingAI's Security and Compliance page confirms support for air-gapped environments under the VPC containerized deployment model, where ADE processes documents with no outbound network access required. Contact LandingAI through the enterprise contact page to discuss air-gapped deployment requirements.