Self-Host the Whole Thing
Yes. You can self-host CreateOS Sandbox in your own cloud: run the control plane and bring your own object storage (S3, R2, Tigris, or MinIO), so code, snapshots, and data never leave your boundary. During alpha, self-host is the interim control for regulated teams while compliance certifications are on the roadmap.
The Blocker is Rarely the Isolation Model
For a regulated, security-first team, the honest blocker is the sentence: our security team will not let us send code to someone else's cloud. Certifications usually answer that. We do not have them yet.
So the answer we actually have is better for sovereignty anyway. Run the control plane and the storage yourself, and the question stops being about trust in a vendor's cloud.
How It Works
Self-host the control plane in your own environment. Storage is bring-your-own-S3, so S3, R2, Tigris, or MinIO, with FUSE mounts, live attach and detach, and local to remote sync. Point the control plane at your own buckets and the code, the snapshots, and the data stay inside your boundary.
That is real data residency, set by architecture, not a residency label on someone else's region. The deployment is region-aware: CreateOS cloud, your VPC, or on-prem.
Honest About the Stage
CreateOS Sandbox is alpha. SOC 2, HIPAA, GDPR, and ISO certifications are on the roadmap, not yet held. Audit logging and RBAC are on the roadmap too. We will not claim a certification we do not have.
Self-host is the interim control we are honest about, not a substitute for the certs and controls a regulated buyer will eventually require. If you need audit logging or specific controls now, we sequence them with you as a design partner.
- Self-host the control plane and the storage in your own environment.
- Bring your own object storage: S3, R2, Tigris, or MinIO.
- Region-aware: CreateOS cloud, your VPC, or on-prem.
Common Questions
Can I self-host a code execution sandbox in my own cloud?
Yes. Run the CreateOS Sandbox control plane in your own environment and bring your own object storage, so code, snapshots, and data never leave your boundary.
Do you have SOC 2 or HIPAA?
Not yet. SOC 2, HIPAA, GDPR, and ISO are on the roadmap, not yet held. CreateOS Sandbox is in alpha, and self-host is the interim control for residency and sovereignty while certifications firm up.
Is this a self-hosted E2B alternative?
It is a sandbox you can run entirely in your own boundary, with the control plane and storage self-hosted. The differentiator beyond self-host is the combination: per-VM kernel isolation, sandbox networking, and kernel-level egress governance together.
Where does my data live when I self-host?
In object storage you control: S3, R2, Tigris, or MinIO. The control plane points at your buckets, so the code, the snapshots, and the data stay inside your environment by architecture, not by a setting in someone else's console.