Self-hosted means your data never leaves your network
Temps runs entirely on infrastructure you own. No DPA to negotiate, no subprocessors to review, no vendor-side breach exposure. Most of your standard vendor questionnaire simply doesn't apply — and we've pre-filled the rest.
What your vendor review looks like
A SaaS platform processes your data on their servers. Temps doesn't — and that removes most of the checklist before you start.
Security properties you can verify, not just trust
Every claim below is checkable in the open-source code or in your own deployment. No “trust us” required.
Your data never leaves your network
Analytics, session replays, error reports, logs, and metrics are stored in your own PostgreSQL database, on your own hardware. Temps has no access — not optionally, architecturally.
Secrets encrypted at rest
Application secrets and credentials are encrypted by a built-in encryption service before they touch the database. The encryption key is generated at install time and only you hold it.
Telemetry is opt-in, off by default
Zero phone-home unless you explicitly enable it. The full event list is documented and auditable in the open-source code — verify it yourself instead of trusting a policy page.
Automatic TLS everywhere
Certificate issuance and renewal via ACME / Let's Encrypt, including DNS-01 for wildcard and internal setups. No expired-cert incidents, no manual rotation.
Open source and auditable
Dual-licensed Apache-2.0 / MIT. Your security team can read every line, build from source, and pin the exact commit you deploy. If we disappeared tomorrow, you keep running.
Memory-safe by construction
The entire platform is written in Rust, eliminating the buffer overflows and memory-corruption bugs behind a large share of critical CVEs in C/C++ infrastructure.
Scoped API keys
Programmatic access uses API keys restricted by role-based permissions, so CI pipelines and scripts get exactly the access they need and nothing more.
Runs fully air-gapped from us
Temps can operate inside a private network with no public exposure and no outbound dependency on temps.sh. Perfect for internal tools that must stay internal.
One vendor review instead of six
Temps replaces the separate deployment, analytics, session replay, error tracking, and uptime tools your team would otherwise buy — each with its own questionnaire, DPA, and breach surface.
Vercel
Deployments
Sentry
Error tracking
PostHog
Analytics
FullStory
Session replay
Pingdom
Uptime monitoring
Five security reviews your team doesn't run
One binary, one audit surface, one attack surface to reason about — instead of five SaaS vendors each holding a slice of your production data.
Our compliance posture, stated honestly
Temps is not SOC 2 certified, and we'd rather tell you that on this page than let you find out three weeks into procurement. Here's why it matters less than you'd expect: SOC 2 attests to controls over vendor-operated infrastructure. In a self-hosted deployment there is none — your data is processed exclusively by your own infrastructure, under the certifications and controls you already maintain.
What we provide instead is everything your team needs to complete its own diligence:
- A pre-filled vendor security questionnaire, versioned with the product
- Full source code for direct audit (Apache-2.0 / MIT)
- A published vulnerability disclosure policy with a 48-hour response commitment
- GDPR and data-ownership documentation
Security review questions we haven't answered here? Email [email protected] — we respond to review inquiries within 2 business days.
Need enterprise-grade controls?
The Enterprise edition adds the identity and accountability layer larger organizations require — plus a commercial support agreement, so there's a real vendor relationship behind your deployment.
SAML single sign-on with your existing identity provider
SCIM user provisioning and deprovisioning
Tamper-evident, hash-chained audit logs
Support contract with a named escalation path
Skip the questionnaire ping-pong
Download our pre-filled vendor security questionnaire (CAIQ-Lite style) and hand it straight to your security team. Every answer is written for a self-hosted deployment — honestly, including what's your responsibility and what's ours.