SaaS, Sovereign Managed Infrastructure or Self-managed Server?
Organizations today have three primary paths for hosting their digital services and data, each offering a different balance of convenience and control.
Software-as-a-Service (SaaS) provides the most immediate ease of use, and the technical custody is handed over to the vendor. On the other end of the spectrum, a Self-managed Server offers total independence but places the full burden of maintenance and security on the owner (the organization). Between these two extremes lies sovereign managed infrastructure, a middle ground designed to provide professional management while ensuring data remains strictly under local jurisdiction and law.
For organizations that need to comply with local regulations or that can't risk their data being accessed by foreign governments, it becomes a necessity to understand the differences between these models:
| Model | Data Controller | Data Processor | Best for... |
|---|---|---|---|
| SaaS | The User / Organization (You) | Software Vendor (e.g., ActivityInfo) | Speed and ease of use |
| Sovereign Managed Infrastructure | The User / Organization (You) | Local Vetted Hosting Provider (bound by local jurisdiction) and ActivityInfo | Political independence |
| Self-managed Server | The User / Organization (You) | Internal IT Team (Your own employees) | Complete autonomy |
This article compares these three ActivityInfo offerings to help you identify which model best fits your operational needs and security requirements.
ActivityInfo offerings
ActivityInfo SaaS
The SaaS version of ActivityInfo is the most popular among organizations of all sizes.This version runs on the Google Cloud Platform and is available over the public Internet. When using the ActivityInfo SaaS version your data is stored in servers in multiple, redundant data centers in the EU including Frankfurt, and Belgium, and the Netherlands. By keeping multiple copies of the data in these locations we make sure we have enough backups in case of a natural disaster or failure of a single data center.
In the SaaS version everything is managed by the ActivityInfo team and the application is scalable to any number of users, forms, and up to 200,000 records per form. Your organization signs a Service Level Agreement with SLO of 99.5% availability. We provide weekly automatic software updates, instant data recovery and our team is responsible for backups and data durability.
We support our customer's compliance obligations under the GDPR, the General Data Protection Regulation law put in place by the EU in 2018. Our team commits to complying with the GDPR as a data processor outlined in our data privacy notice.
We also support compliance with other national legislation such as South Africa's POPIA, Kenya's Data Protection Act, or Brazil's LGPD. Because the EU is widely recognized for its high standard of data protection, transferring data to our EU-based servers is generally permitted under the 'adequacy' or 'equivalent protection' clauses of these laws.
The SaaS version is available via a subscription .
ActivityInfo Self-managed Server
In some cases, organizations need to comply with strict internal or external regulations related to data. The ActivityInfo Self-managed Server is offered to address those needs.
The ActivityInfo Self-managed Server runs on a physical computer on premise or on a cloud account you and your team manage and it can run on internal networks, including air-gapped networks. The scale of the system depends on your hardware and it is limited to one physical server or virtual machine. Your team is responsible for availability and downtime is required for upgrades and maintenance. Also, backups and data durability are part of your team's responsibilities. Recovery Time and Recovery Point Objectives depend on your disaster recovery strategy and new features are released quarterly.
The ActivityInfo Self-managed Server is available via a licence.
Sovereign managed infrastructure for EU organizations
We provide specialized hosting for organizations whose work demands total immunity from extraterritorial legal reach. This fully-managed sovereign cloud ensures that your data residency, system administration, and legal jurisdiction remain strictly within the European Union, operated by EU citizens and subject to EU laws. By eliminating dependencies on foreign-controlled infrastructure, we protect our clients from legal pressure by non-EU governments and the risk of service interruptions triggered by international policy shifts.
Are you interested in learning more or exploring your options? You can always contact us to discuss further.