[zbruhnke]

While this is likely true in many cases I'm in a very sensitive industry (banking) and we tend to self host things not for cost reasons but for security reasons. We spend a lot of time going through pen tests, getting SOC2 compliance, etc.

Handing off something this critical can cause an even more painful audit in many cases so just a thought to consider cost is sometimes not the only factor.

Looks like a really cool product though!

[colinchartier]

We're actually in the process of getting SOC2 and pen tests ourselves - another benefit of a hosted offering is it can (eventually) integrate into your compliance system (e.g., vanta)

A lot of our customers are in fintech (payroll, banking, etc) so we've spent a lot of effort on our security model: https://layerci.com/security

[athosblade]

Not in banking industry but startup I'm working with is in the middle of getting SOC2 compliance.

Any pointers I should consider on engineering side?