Your Data, Your Rules
Infowin Hybrid Vault — Double-Tunnel Hybrid Private Cloud
System logic evolves in the cloud; raw data stays permanently in your internal network. We only transmit computation commands.
Double-Tunnel Architecture
Infowin uses the industry-leading Double-Tunnel architecture, physically separating the 'system command flow' from the 'personnel access flow', ensuring data is encrypted on every path.
Cloud Logic Layer
UI / Business Logic / AI Algorithms — maintained and auto-updated by Infowin
System Command Flow
Self-hosted mTLS Tunnel
The cloud UI sends computation commands to the on-premises server via a mutual TLS tunnel. Raw data never leaves your server.
Personnel Access Flow
Cloudflare Zero Trust
Authorized personnel access securely via Cloudflare WARP — no firewall ports needed (Elite plan)
On-Premises Server Room
PostgreSQL + Redis, deployed in 192.168.x.x internal network, IP never exposed to public internet
“We only transmit computation commands. Raw data stays permanently in your internal network (192.168.x.x)”
Why Choose Hybrid Vault?
Complete three-way deployment comparison
| | Traditional Cloud SaaS | Traditional On-Premise | Infowin Hybrid Vault (Recommended) |
|---|---|---|---|
| Data Storage | Vendor's cloud servers | Client's own servers | Client's own servers |
| System Updates | Automatic, always latest | Manual, often outdated | Automatic, always latest |
| Maintenance Cost | Zero | Requires dedicated IT | Minimal (Infowin monitors) |
| Data Sovereignty | At vendor's facility | 100% self-owned | 100% self-owned |
| Remote Access | Anywhere, anytime | Office LAN only | Zero Trust encrypted tunnel |
| Security Isolation | Depends on vendor | Depends on in-house IT | RLS + mTLS + Audit Log |
| Summary | Data is at someone else's place | Features never update | Logic evolves in cloud, data guarded on-premise |
Plans & Pricing
Choose the right data protection plan for your organization
Standard Cloud
General businesses, small landlords
Secure, reliable, zero overhead. Ideal for clients who prioritize convenience.
Private Cloud Basic
Established temples, mid-size firms
Data on-premise, century-long legacy. For institutions that demand ultimate privacy and only need to operate within the office.
Private Cloud Elite
Century-old temples, international law firms
Borderless office, military-grade protection. Integrates Cloudflare global nodes to securely control on-premise data from anywhere in the world.
* Setup fee includes: on-site/remote assessment, Docker deployment, mTLS tunnel setup and security testing
* Maintenance fee includes: 24/7 tunnel monitoring, auto Schema sync, Cloudflare Zero Trust management (Elite)
Three Security Mechanisms
Row-Level Security (RLS)
Enforced at the database engine level. Even on shared infrastructure, Tenant A's data is completely invisible to Tenant B. Even Infowin engineers cannot read across tenants.
Complete Audit Trail
Every read, modification, and deletion is recorded with tamper-proof logs: who, what time, what command. Compliant and auditable by authorities.
Encrypted Transport (mTLS)
All command communications use AES-256 encryption and the TLS 1.3 protocol. Mutual TLS (mTLS) authentication ensures only authorized endpoints can communicate.
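A minimal sketch of the tenant isolation described under Row-Level Security above, added here as an illustration and not Infowin's own schema; the table `invoices`, the role `app_user` and the setting `app.tenant_id` are assumptions. The two audit queries at the end list what PostgreSQL exempts from RLS (superusers, `BYPASSRLS` roles, and table owners when RLS is not forced), which is the check to run when verifying a tenant-isolation guarantee.

```sql
-- Added example: table, role and setting names are assumptions, not Infowin's schema.
CREATE TABLE invoices (
    id         bigserial PRIMARY KEY,
    tenant_id  uuid    NOT NULL,
    amount     numeric NOT NULL
);

-- Application role: not a superuser, no BYPASSRLS, not the table owner.
CREATE ROLE app_user LOGIN NOSUPERUSER NOBYPASSRLS;
GRANT SELECT, INSERT, UPDATE, DELETE ON invoices TO app_user;
GRANT USAGE ON SEQUENCE invoices_id_seq TO app_user;

-- ENABLE turns policies on; FORCE also applies them to the table owner.
ALTER TABLE invoices ENABLE ROW LEVEL SECURITY;
ALTER TABLE invoices FORCE  ROW LEVEL SECURITY;

-- USING filters rows that can be read, updated or deleted;
-- WITH CHECK rejects inserts/updates that would land in another tenant.
-- An unset or empty setting becomes NULL, so the session matches no rows.
CREATE POLICY tenant_isolation ON invoices
    FOR ALL TO app_user
    USING      (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid)
    WITH CHECK (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid);

-- Per request, connected as app_user (constructed tenant id).
-- SET LOCAL scopes the tenant to this transaction only.
BEGIN;
SET LOCAL app.tenant_id = '11111111-1111-1111-1111-111111111111';
SELECT id, amount FROM invoices;   -- returns only this tenant's rows
COMMIT;

-- Audit 1: roles that RLS never restricts.
SELECT rolname, rolsuper, rolbypassrls
FROM pg_roles
WHERE rolsuper OR rolbypassrls;

-- Audit 2: ordinary tables in schema public where RLS is off or not forced.
SELECT c.relname, c.relrowsecurity, c.relforcerowsecurity
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'public' AND c.relkind = 'r'
  AND NOT (c.relrowsecurity AND c.relforcerowsecurity);
```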
Four Steps to Deploy
One-Click Install Script
IT staff completes local database deployment in 10 minutes
Encrypted Tunnel Connection
Cloud app reads/writes to local DB via mTLS encrypted tunnel
Automatic Version Sync
Schema Migration executes automatically, local DB structure syncs with cloud upgrades
Physical Isolation Protection
External internet cannot directly probe or access the local DB
Technical Specifications
| Item | Specification |
|---|---|
| Transport Encryption | AES-256 GCM, TLS 1.3 |
| Data Isolation | PostgreSQL RLS |
| Deployment | Docker / One-click install script |
| System Command Flow | gRPC / REST over mTLS |
| Personnel Access Flow | Cloudflare Tunnel (Elite) |
| DB Version Sync | Schema Migration auto-executed |
| Disaster Recovery | Local Backup + Encrypted Cloud Backup |
| Monitoring | Cloud health check (no data content access) |
| Stealth Defense | Cloudflare Tunnel — DB IP never exposed |
Data Sovereignty Guarantee
Absolute Ownership
Clients have 100% ownership and disposal rights over all raw data stored on their local servers.
Physical Isolation
Cloud systems only send query commands when executing business logic. Raw data is not permanently stored on cloud servers.
Anti-Probing
Database is on internal network (192.168.x.x) using Cloudflare Tunnel. IP is never exposed to public internet.
Unless authorized in writing by the client or required by law, Infowin engineers shall not proactively read the specific content of client on-premises data.
IBM-Grade Enterprise Architecture in Every Line of Code
Infowin's technical leadership combines an NTU master's degree with backgrounds as a former IBM software engineer and university lecturer. We combine academic rigor with hands-on operations across large-scale property management, IoT rollouts, and education sites to build the highest-caliber digital fortress for clients.
“We run the same stack every day across large-scale property, tenants, students, and clients — refined through long-haul field iteration and daily operations.”
Michael Chen (陳胤辰)
Founder & CTO
FAQ
Will the local database fall behind cloud updates?
No. Each time the cloud releases new features, Schema Migration automatically executes field/index updates on the local DB to stay in sync.
Can Infowin engineers see my data?
Cloud plan: RLS intercepts at the database level, so engineers cannot read across tenants. Hybrid plan: data is in your LAN, so we cannot even touch the raw data.
I don't have IT staff. Can I use Hybrid Vault?
Yes. We provide on-site installation + remote monitoring (system metrics only, no data content). You can migrate back to cloud anytime.
What are the costs for the local plan?
SaaS monthly fee unchanged, plus a one-time deployment fee (from NT$58,000) and monthly maintenance fee. Contact sales for details.
Can I switch from cloud to Hybrid later?
Yes. Our architecture supports bidirectional migration — cloud to local, or local back to cloud, both achievable with our tools.
What does the Vault console look like?
The Vault console is a complete management interface where you can view connection status, manage keys, and review audit logs.
Book a Hybrid Vault Architecture Consultation
Let our architects design the optimal deployment plan for your institution