Skip to content

Architecture

Canvas is a browser-based Platform-as-a-Service for Builder Organizations. You describe what you need, and the platform builds, tests, and ships production-grade software for you, on infrastructure hosted in Germany. Your code is yours.

The core insight: builders are business people, not developers. Canvas gives them a managed development environment in the browser, not developer laptops to set up and secure.

This page describes the shape of the system and how your app gets built and runs. For the security posture in detail, see the Security & Trust Overview.

Canvas platform architecture: the control plane where you and the AI assistant work, your isolated dev/staging/production environments, and your dedicated data stores, all hosted in Germany.

Three layers, all hosted in Germany:

  • The Canvas platform (control plane) is where you and the AI assistant work: planning, building, testing, and deploying.
  • Your isolated application environments are where your apps actually run.
  • Your dedicated data stores hold your production data.

Handing a non-developer a local development machine (a laptop with admin rights and a local toolchain) is a burden for IT and a real security risk: the machine can be broken, data can leak, configuration drifts.

Canvas gives every builder a managed development environment in the browser instead:

  • Nothing to install on the device. A browser is all that is required.
  • The AI assistant and hot reload, for fast build-and-test.
  • Fully managed and sandboxed by Canvas, end to end.

This is both more useful (zero setup, instant, fast iteration) and more secure (no local admin, nothing on the endpoint, no way to break your own machine, central control, a smaller attack surface). IT managers manage access, not machines.

You describe what you need. The platform then:

  1. Plans the work with you.
  2. Builds it, writing the specification and the implementation.
  3. Tests it and runs quality and security guardrails automatically.
  4. Deploys it.

Guardrails run automatically, so quality and security checks are not optional steps a builder can skip. You own all generated code, with full version history in Git.

Every app gets three isolated environments:

  • Dev, to build and iterate.
  • Staging, to preview.
  • Production, the live app.

You promote a change from one to the next when it is ready.

Where your app runs and where your data lives

Section titled “Where your app runs and where your data lives”

Your applications run in per-customer isolated environments on a Kubernetes-based workload cluster, hosted in Germany. Production environments get dedicated, separately provisioned data stores (database, cache, and S3-compatible object storage) for your app.

The request path is straightforward: your end-users reach your production app, and your app reads and writes its own dedicated data stores. Your data stays in Germany.

Your workloads are fully isolated from Canvas’s own control plane and back-office systems, reaching only the narrow, explicitly-allowed paths they need. On top of that:

  • Each workload runs in its own hardware-isolated sandbox.
  • Each organization has separate namespaces.
  • Networking is default-deny between workloads: nothing reaches anything else unless explicitly allowed.
  • Production data stores are dedicated per customer.

For the encryption, access-control, backup, and monitoring detail, see the Security & Trust Overview.

The AI assistant, your code, and your data

Section titled “The AI assistant, your code, and your data”

The AI assistant works on your code, schemas, and build artifacts, not on the personal data your application processes in production. Real personal data is kept out of development environments, where the assistant operates.

The model behind the assistant is an implementation detail. Code-generation work is routed across a mix of models: EU and Germany-hosted providers, self-hosted open-weight and open-source models, and Canvas’s own models, and may use a provider outside the EU for some workloads. In every case, only code and build artifacts are sent, never your personal data. We do not use your code or data to train AI models.

Canvas builds on open standards: Kubernetes, containers, Git, OIDC, and TLS. The applications it generates are standard and follow the twelve-factor approach, so they are portable and self-hostable. You can export your code and data at any time. No lock-in.

Security is a shared model:

  • Canvas runs and secures the platform and the underlying infrastructure.
  • You own the application you build: its data, the lawful basis for processing it, and access control within the app.

For the full security posture, see the Security & Trust Overview. For data protection, see the Privacy Policy and, for the personal data your applications process, the Data Processing Agreement (AVV / DPA).