Deployment Models

CAO Studio hosts and operates the service. The consultant signs in at the public CAO Studio URL; all workshops, engagements, reports, and the CAO Brain run on CAO Studio's hosted infrastructure.

In this mode CAO Studio may process customer content, user account data, logs, AI requests, and outputs depending on configuration. External infrastructure and LLM subprocessors may be used — the current list is on the Subprocessors / LLM Providers page.

If you are evaluating the SaaS deployment, review:

• Privacy Notice
• DPA overview
• Subprocessors
• AI Use Disclaimer

The customer operates the application in its own environment, unless agreed otherwise. CAO Studio ships an installable that the customer runs locally or on infrastructure the customer controls.

The customer is responsible for hosting, access control, backups, network security, and local configuration. The LLM provider and data flow depend on the customer's configuration; the deployment calls the LLM through CAO Studio's central CAO Server in the EU and the customer's installation never holds an LLM API key.

CAO Studio may only process customer data when support, telemetry, managed services, cloud LLM routing, or maintenance access is enabled. The customer remains responsible for its own legal basis, user notices, AI governance, access management, and a DPIA where required.

If you are evaluating the client-server deployment, review:

• Privacy Notice (local-client section)
• DPA overview
• Subprocessors — see the "Applies to client-server" column
• AI Use Disclaimer