Self-Hosted Data Architecture & Responsibilities
Password Pusher Pro – Self Hosted Edition
Apnotic, LLC
1. Deployment Architecture
| Aspect | Self Hosted Pro |
|---|---|
| Hosting Environment | Customer's own infrastructure (cloud or on-premises) |
| Data Storage | Customer-controlled databases and storage systems |
| Data Transmission | No data transmitted to Apnotic systems |
| License Validation | Cryptographic license check only (no user/data content) |
| Support Access | None by default; optional remote support requires explicit customer-initiated session |
2. Data Flow Diagram
User → Customer's Password Pusher Instance → Customer's Database/Storage
↓
[No outbound data to Apnotic]
↓
License validation only (cryptographic signature)
3. Data Responsibilities
| Responsibility | Apnotic (Licensor) | Customer (Licensee) |
|---|---|---|
| Application Code | ✅ Provide secure, maintained software | — |
| Infrastructure & Hosting | — | ✅ Customer's cloud/data center |
| Data Storage & Encryption | — | ✅ At-rest encryption, backups |
| Access Controls & Authentication | — | ✅ User management, SSO configuration |
| Compliance (GDPR, SOC2, etc.) | — | ✅ As data controller/processor |
| Security Patching (OS/Network) | — | ✅ Customer's responsibility |
| Audit Logs & Monitoring | — | ✅ Customer's SIEM/tools |
4. What Apnotic Cannot Access
To be explicitly clear, Apnotic does not and cannot:
- Access customer databases or stored passwords/files/text/URLs
- View user accounts, activity logs, or analytics
- Process, store, or transmit customer data in any capacity
- Access customer servers or infrastructure
- Decrypt customer-encrypted content
5. What Apnotic Provides
- Software License: Cryptographically signed license file for deployment
- Container Images:
registry.apnotic.com/pwpush-pro(or -advanced, -enterprise) - Documentation: Deployment guides, configuration references, security best practices
- Support: Technical assistance via support portal (no remote access unless explicitly granted)
6. Compliance Positioning
| Scenario | Applicability |
|---|---|
| DPA (Data Processing Agreement) | Not applicable – Apnotic does not process customer data |
| BAA (Business Associate Agreement) | Not applicable for HIPAA – customer acts as sole custodian |
| Subprocessor List | Not applicable – no subprocessors engaged for customer data |
7. For Procurement/Legal Teams
Common Question: "Why won't Apnotic sign our standard DPA?"
Answer: A DPA governs the relationship between a data controller and a data processor. In a self-hosted model, the customer is both the controller and processor of their own data. Apnotic provides only the software — analogous to Microsoft providing Windows Server or Oracle providing database software for on-premises deployment. No DPA is required because Apnotic never handles customer data.
The only personal data Apnotic holds for self-hosted customers is the license purchaser's contact information (name, email, company name) for account management and license fulfillment. This is a standard commercial relationship, not a data processing arrangement.
For further details, see our Data Processing Agreement which documents this distinction and explains Apnotic's role as a software licensor for self-hosted deployments.
Document Version: 1.1
Last Updated: May 2026
Contact: support@apnotic.com | https://apnotic.com