Deployment Models: Managed, White-Label, Private
Paprel ships three ways: managed (we host, you integrate), white-label (we power, your brand fronts), and private deployment (your infrastructure, scoped together). This page is the map — what each model actually is, when it's the right call, and what doesn't change no matter which one you pick. Vendors are routinely vague about deployment boundaries; we'd rather you cite this page in your evaluation.
| Managed | White-label | Private / BYOC | |
|---|---|---|---|
| Who hosts | Paprel | Paprel, behind your brand | Your cloud, or dedicated infrastructure |
| Who your customers see | You (API) or Paprel (workspace) | You, end to end | You |
| Tenant attribution | Standard companies | partner_id on every tenant | Scoped per engagement |
| Pricing | Starter $149/mo · Growth $499/mo | Custom tier | Custom tier |
| Starting point | Sandbox, self-serve, today | Sandbox today, contract for production | Conversation first |
Managed — the default
Paprel hosts everything: API, ledger, hosted workspace surfaces. You integrate over REST (or MCP for agents) and never think about infrastructure.
Two properties matter architecturally:
- Tenant-pinned regions. Tenant data lives in one of US, EU, or APAC — pinned at provisioning, no cross-region replication. If your customers are split across jurisdictions, you pin per tenant, not per account.
- Sandbox → production is the trial path. Sandbox is self-serve — no billing, no sales call. Run the 20-minute build there, then move to production on Starter ($149/month, 5,000 included accounting ops) or Growth ($499/month, 30,000 included ops) with a 14-day trial. Sandbox and production are separate, isolated environments, so evaluation never touches live data.
Choose managed when you're embedding accounting into your product and standard data-residency options cover you. This is the right starting point for almost everyone — the other two models exist for distribution and compliance shapes that managed can't express, not as upgrades.
White-label — your brand end to end
Same managed infrastructure, different ownership of the customer relationship. Every tenant you provision carries your partner_id, attributing it to your platform rather than floating as an independent signup — the field that makes this white-label rather than just multi-tenant. The full setup (provisioning, per-tenant roles, tenant-scoped OAuth) is walked in the white-label setup guide.
Two delivery surfaces today:
- Headless API under your brand. Your UI, your domain, your design system. Paprel is the engine behind your endpoints.
- Hosted surfaces. Paprel-hosted workspace views you hand your customers, for the accounting screens you don't want to rebuild.
Embeddable UI components — drop-in widgets you mount inside your own app — are on the roadmap, not shipping today. If a component library is a launch requirement, talk to us before you commit.
Commercially, white-label is scoped in the Custom tier: white-label SaaS distribution, committed usage bands, and rollout support, priced per engagement rather than off the Starter/Growth grid.
Choose white-label when you sell accounting to your own customers — vertical SaaS, neobanks, accounting firms, fintech platforms — and our name should never appear on their books.
Private deployment / BYOC — your cloud
For teams whose compliance posture or network boundary rules out shared infrastructure: dedicated infrastructure or bring-your-own-cloud, with private networking where the engagement calls for it.
This is not a checkbox; it's a scoped engagement. Usage, support, infrastructure, security review, and rollout support are scoped together under the Custom tier — deployment shape, region, and operational responsibilities get decided with your security reviewers in the room, not discovered after signature. Bring them: we'll walk architecture, controls, and documentation in detail.
Choose private/BYOC when a regulator, a procurement gate, or your own security policy requires the ledger to run inside infrastructure you control — and accept that the path starts with a conversation, not a sandbox key. (You can and should still evaluate the product in sandbox first; it's the same API surface.)
What stays the same in every model
The deployment model changes who hosts and who your customers see. It does not change the product:
- Same OpenAPI surface. One API contract across managed, white-label, and private. Code you write against sandbox is the code you ship, whichever model you land on.
- Same ledger guarantees. Double-entry, balance-validated postings — unbalanced entries are rejected, not corrected silently. Journal history is append-only; writes are idempotent via client-supplied keys.
- Full export, no lock-in. Your data can be exported in full at any time; we don't lock the ledger behind the product.
- Same ownership terms. Your data is yours — processed to provide the service, not sold or used for advertising. A DPA and sub-processor list are available on request during evaluation.
On posture, stated plainly: managed infrastructure runs on Google Cloud and Cloudflare, both independently SOC 2 and ISO 27001 certified at the infrastructure layer. Paprel's own formal certifications are on the roadmap — we don't make certification claims we haven't earned, and we share current controls and documentation directly during evaluation. Uptime is a 99.9% target. If a specific certification or control gates your decision, raise it early and we'll be candid about where we are.
Where to go next
- Build embedded accounting in 20 minutes — the sandbox path every model starts from
- White-label platform setup — tenants, roles, and scoped tokens under your brand
- Security & trust — controls, data ownership, and compliance posture in full
- Pricing — Starter and Growth self-serve; Custom tier for white-label and private deployment