EU residency, by contract
Data lives only on Hetzner hardware in Falkenstein (DE) and Helsinki (FI). The CLOUD Act doesn't apply. Schrems II doesn't apply. GDPR is the home jurisdiction.
The compliant, EU-owned platform for Dockerized apps and managed Postgres — from
uc deploy
to a live URL, without the AWS console, the 90-page DPA, or the surprise bill at the end of the month.
# install once $ curl -fsSL https://uniicy.cloud/install.sh | sh ✓ uc 0.1.0 installed to /usr/local/bin $ uc signup --email alice@acme.eu → check your inbox for the verification link ✓ signed in as alice@acme.eu $ uc project create acme-prod ✓ project acme-prod created in eu-fsn1 $ cd hello-node && uc init && uc deploy → building image ........... ✓ 12.4s → allocating port 40128 .... ✓ → starting container ....... ✓ → registering route ........ ✓ → health check (HTTP 200) .. ✓ 2.1s ✓ live https://hello.acme-prod.uniicy.cloud 2 min 47 s · signed audit trail attached
No VPC peering. No IAM policy language. No invented line items. Every card below maps to a working code path in the repo.
Data lives only on Hetzner hardware in Falkenstein (DE) and Helsinki (FI). The CLOUD Act doesn't apply. Schrems II doesn't apply. GDPR is the home jurisdiction.
Project-scoped values stored under AES-256-GCM with an operator-held master key. uc secret set once — injected into every container at start time.
Signup, login, deploy, secret upsert, system reconcile — all recorded with strict secret redaction. Exportable per project as CSV.
<app>.<project>.uniicy.cloud atomically retargets to the newest healthy deployment — no DNS dance, no broken bookmarks during rollouts.
Prometheus + Loki + Promtail + Grafana run inside the platform. Five dashboards and nine alert rules land out of the box. No SaaS, no per-event billing.
no-new-privileges, cap-drop, read-only rootfs, CPU and memory ceilings. Restart policy and health checks declared in uniicy.yaml.
Every lifecycle step lands in SQLite and streams over Server-Sent Events. uc deploy shows build, start, route, and health in real time.
API startup compares persisted state against Docker and Caddy: vanished containers marked failed, stale routes re-registered, leaked ports released.
Project state and persistent volumes snapshot every 24h to a second EU region (HEL1). Restore from any point in the last 30 days with a single CLI command.
Modern PostgreSQL is a realtime backend, a queue, a search engine, a vector store and a multi-tenant security layer at once. Uniicy runs it for you — and exposes that power as features you switch on, not infrastructure you operate.
Managed PostgreSQL 16 — provisioned, version-managed and monitored by the platform. "We run Postgres" stops being a staffing decision.
A hot standby with automatic failover. Redundancy is a platform concern, not a project you scope and staff yourself.
Continuous WAL archiving, encrypted under an operator-held key. Restore to any second inside the recovery window.
Opt into read scaling with one command — a replica an application reads from, not an architecture it has to design.
Each one normally arrives as its own managed service, its own bill and its own failure mode. Here they are one opt-in switch on a database you already understand.
Embeddings and similarity search for AI and recommendation features — in the same database as your rows. No separate vector cluster to keep in sync.
The write-ahead log is the canonical change feed. Live dashboards, presence and activity feeds delivered over SSE and WebSockets at the edge.
Recurring jobs that run inside the database, next to the data they touch. No separate scheduler daemon to deploy, monitor or keep alive at 3 a.m.
A queue with transactional guarantees: a job commits in the same transaction as the work that created it. No broker, no lost-message failure mode.
Search across application data without standing up — or paying for — a separate search cluster. Ranking and highlighting included.
Per-tenant isolation enforced by the database itself — the multi-tenant security layer lives in Postgres, not in bespoke application code you can forget.
The same commands every operator rehearses before showing the platform to a stranger. No demoware — this is the deploy flow you run in production.
uc signup creates an EU-hosted account with verification email and a long-lived CLI token written to ~/.uniicy/.
uc project create opens an audit-scoped boundary. Secrets and deployments belong to it; you can have many.
uc init writes a uniicy.yaml next to your Dockerfile: port, env, health, restart policy. Read it, edit it, commit it.
uc deploy builds, starts, routes and health-checks. uc open hands the stable URL to your browser.
uc command is the platform.A single binary. Same surface against local docker compose as against the managed alpha. Machine-readable --json on every operator-facing command, graceful non-TTY behaviour for CI.
uc deployuc deploymentsuc deployment infouc deployment stop
uc db createuc db connectuc db backupsuc db replica add
uc logsuc deployment events --followuc audit events
uc secret setuc secret listuc secret remove
uc system reconcileuc system portsuc system backup
uc self-update --check verifies against the public release feed before replacing the binary.
$ uc deployments PROJECT APP ID STATUS HEALTH ROUTE acme-prod web dpl_8f2 running ok https://web.acme-prod.uniicy.cloud acme-prod worker dpl_8e1 running ok — acme-prod web dpl_8d4 stopped — superseded acme-stage web dpl_8b0 building — streaming $ uc deployment events dpl_8b0 --follow [2026-05-18 14:02:11] build.start hello-node:dpl_8b0 [2026-05-18 14:02:14] build.step Step 4/9 : COPY . . [2026-05-18 14:02:23] build.success image sha256:1a0c... (45 MB) [2026-05-18 14:02:23] port.alloc 40128 [2026-05-18 14:02:25] route.register web.acme-stage.uniicy.cloud [2026-05-18 14:02:27] health.ok HTTP 200 (path=/healthz, 2.1s)
$ uc db list NAME VERSION PLAN HA REGION STORAGE acme-prod-db PG 16.2 standard primary+standby eu-fsn1 38.4 / 80 GB acme-prod-db └ replica read-replica eu-hel1 lag 41 ms acme-stage-db PG 16.2 small single eu-fsn1 6.1 / 20 GB $ uc db connect acme-prod-db → opening psql over TLS · pooled (pgBouncer) on :6432 psql (16.2) · SSL · type \q to quit acme-prod=> _ $ uc db backups acme-prod-db → PITR window 2026-04-20 02:00 → now (28 d, base + WAL) ✓ base_2026-05-18 02:00 41 MB encrypted · sha256 verified
$ uc logs --app web --follow [14:02:31] info GET / 200 12ms ip=… ua=Mozilla/5.0 [14:02:31] info GET /healthz 200 2ms [14:02:32] info POST /v1/checkout 201 84ms user=usr_42a [14:02:33] warn POST /v1/webhook 408 1804ms retry=2 ext=stripe [14:02:34] info POST /v1/webhook 200 117ms retry=3 recovered [14:02:35] info GET /v1/me 200 18ms [14:02:36] info GET /v1/projects/acme-prod 200 41ms … streaming · ^C to stop, --json for machine-readable
$ uc secret list --project acme-prod KEY TYPE SCOPE ROTATES LAST READ DATABASE_URL connection acme-prod 90 d 14:02 STRIPE_API_KEY token acme-prod 30 d 14:01 NEXTAUTH_SECRET token acme-prod 180 d 12:11 SENTRY_DSN url acme-prod none 11:58 JWT_SIGNING_KEY ed25519 acme-prod 365 d 09:02 $ uc secret set STRIPE_API_KEY --from-stdin → value never written to disk · encrypted with AES-256-GCM ✓ rotated · audit entry secret.rotated written
$ uc audit events --project acme-prod --since 24h TIMESTAMP ACTOR ACTION RESOURCE 2026-05-18 14:02:27 alice@acme.eu deploy.success dpl_8b0 2026-05-18 14:01:08 alice@acme.eu secret.rotated STRIPE_API_KEY 2026-05-18 13:44:02 ci-token (gh) deploy.start dpl_8b0 2026-05-18 11:02:11 system backup.snapshot backup_2026-05-18 2026-05-18 09:14:55 morgan@acme.eu project.reconcile acme-prod … 142 total events · hash-chained · --format=csv | jsonl
Falkenstein is the primary; Helsinki carries disaster recovery and lands as a second customer region at public beta. There is no US region. There will not be a US region.
Monthly billing, no contracts. Every plan runs on EU-resident infrastructure with managed Postgres, automatic TLS, and built-in metrics included.
Side projects, prototypes, and learning.
Production apps for small teams & startups.
Established businesses with heavier workloads.
For large or regulated organisations.
Prices in USD, billed monthly — no annual contract. Rows marked TBD are placeholders pending the final feature matrix. EU VAT applied per billing address.
One curl, one signup, one deploy. The same path every alpha customer takes — minus the invite.