voiceOne in your own data centre. Your data stays with you.
The complete voiceOne platform — AI phone assistant, agent softphone, CRM and workflow automation — installed in your own infrastructure. Your PostgreSQL database, your SIP telephony, your LLMs. Optionally fully air-gapped. For everyone who cannot let their data leave the building.
Why On-Premises?
Because some data must never leave your building. Because audit requirements rule out cloud setups. Because you want to decide who accesses what, and when.
Full data sovereignty
Patient records, client matters, financial data, citizen data — all stays on your hardware. No SaaS agreements, no processor debates, no cloud hops.
Compliance without workarounds
SRA for solicitors, DSPT for NHS providers, FCA for financial services, ICAEW/CIOT for accountants, Cyber Essentials Plus for public sector contracts. On-Prem is often the only path that works without special dispensation.
Native integrations
Direct access to PAS, EMIS, SystmOne, Clio, LEAP, Iris, Sage, your DMS, your line-of-business systems. No VPN tunnelling, no reverse-proxy maze. Local-network performance.
Your LLMs & voice stack
Azure OpenAI in your tenant, Anthropic via AWS Bedrock VPC, or local open-source models (Llama, Mistral, Qwen) on your own GPUs. Speech synthesis optionally local as well.
Air-gapped if needed
Where required: completely offline. Updates via signed trusted transfer (USB, data diode). Suitable for government, defence and critical national infrastructure without internet access.
Predictable & auditable
One-time setup investment instead of monthly per-seat creep. Fully auditable: every data flow, every LLM call, every session in your own logs — no black box.
Cloud vs Private Cloud vs On-Premises
Which model fits your compliance, performance and sovereignty requirements?
| voiceOne Cloud | Private Cloud (Azure/AWS in your tenant) | voiceOne On-Premises | |
|---|---|---|---|
| Hosting location | Hetzner DE (Falkenstein) | Your cloud tenant, UK or EU region | Your data centre / your servers |
| Data sovereignty | Data processing agreement (DPA) | Shared responsibility | 100% with you |
| SRA / legal privilege-fit | With confidentiality clauses | Yes | Yes, without caveats |
| Air-gapped option | No | No | Yes (optional) |
| SIP connectivity | voiceOne SIP provider | Your own SIP trunk possible | Your phone system / your trunk |
| LLM provider | Managed by voiceOne | Azure OpenAI in your tenant | Free choice incl. local models |
| Updates & patches | Automatic | Semi-automatic | You decide on timing |
| Commercial model | Self-service, monthly rolling | Custom quote | Setup + annual licence |
| Time to production | Immediate | 2–4 weeks | 4–8 weeks |
| Typical audience | SMEs, sole traders, quick trial | Mid-market with cloud strategy | Healthcare, Legal, Public Sector, CNI |
Who is On-Premises built for?
Sectors with special protection, confidentiality or audit requirements.
NHS trusts, GP federations & private clinics
Patient data cannot leave your DSPT-compliant boundary. voiceOne On-Prem connects to your PAS (HL7/FHIR), your EMIS/SystmOne instance and your existing UK telephony.
- HL7/FHIR PAS integration
- DSPT-aligned, NHS-compatible
- Integrates with the mediOne stack
Law firms & chambers
Solicitor-client privilege and SRA requirements rule out classical SaaS for many firms. On-Prem with integration to Clio, LEAP, Actionstep or iManage — all client communication stays in-house.
- SRA-compliant without exceptions
- Clio / LEAP / Actionstep / iManage
- Optional CMS / time-recording sync
Accountants & auditors
Iris/Sage integration on your own network, client matters under your control. Ideal for ICAEW/CIOT-regulated firms with 50–500 staff who have their own cloud strategy.
- Iris / Sage / Xero integration
- HMRC MTD-compatible audit logs
- Strict client-to-client separation
Councils & agencies
Citizen data belongs in a Cyber Essentials Plus-aligned environment. voiceOne On-Prem runs in your council cloud or local server rooms, optionally air-gapped.
- Cyber Essentials Plus / NCSC guidance
- Integration with line-of-business systems
- Multi-tenancy for shared-service consortiums
Technical architecture
Container-based. Open. Auditable. Runs on your existing infrastructure.
Platform & runtime
- Container: Docker Compose or Kubernetes (Helm charts included)
- OS: RHEL 8/9, Ubuntu 22.04 LTS, SUSE Linux Enterprise
- Minimum hardware: 8 vCPU, 32 GB RAM, 500 GB SSD (standard setup)
- GPU optional: 1× NVIDIA L4 or better for local LLM inference
Database & storage
- DB:
PostgreSQL 15+(your instance or managed in your cloud) - Cache: Redis 7
- Storage: S3-compatible (MinIO included, or your Ceph / NetApp)
- Backup: 4-layer concept: pg_dump every 6h, verify, off-site, SMS alert
Telephony & voice
- SIP trunk: Your provider (Gamma, BT Wholesale, TalkTalk Business, Voicehost) or your own
- Phone system: 3CX, Cisco, Avaya, Mitel, Asterisk, FreeSWITCH, Teams Direct Routing
- WebRTC: Browser and mobile softphone directly against your instance
- Recordings: AES-256, storage location and retention defined by you
AI providers (your choice)
- Cloud LLM: Azure OpenAI (your tenant), AWS Bedrock (Claude in your VPC)
- Local: Llama 3, Mistral, Qwen — vLLM or Ollama on your own GPUs
- Speech synthesis: ElevenLabs Enterprise or local (Coqui, Piper, F5-TTS)
- Speech-to-text: Deepgram, Azure Speech or local (Whisper)
Identity & access
- SSO: SAML 2.0, OIDC, OAuth2 (Keycloak, Azure AD, Okta, ADFS)
- Directory: LDAP, Active Directory
- RBAC: Fine-grained role model, tenant separation
- Audit: Full audit log, export to Splunk, ELK, Graylog
Operations & monitoring
- Metrics: Prometheus exporter, Grafana dashboards
- Logs: structured JSON, compatible with all SIEM solutions
- Health checks: Liveness/readiness probes for K8s
- Updates: Quarterly majors, monthly patches, signed
Compliance & certifications
voiceOne On-Prem ships with audit packages to support your compliance team through the certification process.
From enquiry to go-live
Standard playbook for the most common stacks. More complex integrations take proportionally longer.
Architecture call & requirements gathering
We understand your stack: phone system, identity provider, PAS/CRM, compliance requirements. You receive a solution proposal with architecture diagram and firm quote.
Test installation & PoC
voiceOne runs in your test environment. SIP connection, SSO, a first AI agent on your data. You evaluate with real-world use cases.
Production rollout & integrations
Roll-out to production. Integration with PAS / CRM / DMS. Workflow configuration. Monitoring and backup set up. Audit packages handed over.
Training & go-live
Administrator training (2 days), end-user training (half day). Supported go-live with 4-week hypercare phase (daily contact).
Book a personal consultation
No sales pitch, no newsletter. A 45-minute call with our solution architect on your requirements and our answer to them.
Frequently asked questions
Yes. Voice data, transcripts, CRM records, recordings and logs sit exclusively on your hardware — in your data centre or your private cloud (Azure, AWS, OVH, Hetzner Dedicated). voiceOne requires no outbound data flow to operate. Fully air-gapped delivery available on request (updates via signed USB / trusted transfer).
Your choice: (a) Azure OpenAI in your own tenant (UK or EU region, no training opt-in), (b) Anthropic Claude via AWS Bedrock in your VPC, (c) locally hosted open-source models (Llama 3, Mistral, Qwen) on your own GPU hardware — completely offline. Speech synthesis likewise available via ElevenLabs Enterprise endpoint or locally (Coqui, Piper, F5-TTS).
voiceOne On-Prem connects via SIP trunk to your existing phone system (3CX, Cisco, Avaya, Mitel, Asterisk, FreeSWITCH, Microsoft Teams Direct Routing). Alternatively, voiceOne can run as a full telephony solution with your chosen UK SIP provider (Gamma, BT Wholesale, TalkTalk Business, Voicehost). Mobile softphone (iOS/Android) and browser softphone connect via WebRTC directly to your instance.
UK GDPR, DSPT (Data Security and Protection Toolkit for NHS organisations), ISO 27001-ready (control mapping available), Cyber Essentials Plus-ready, SRA-compliant (for solicitors), ICAEW/CIOT requirements (for accountants), CQC-aligned (for care providers), HIPAA-ready (for transatlantic deployments). We supply audit packages, technical documentation and support your compliance team through the certification process.
Three models: (1) Self-hosted — we supply container images, Helm charts, documentation and updates. (2) Managed On-Prem — we operate the system remotely in your data centre via bastion host (two-factor + audit log on every session). (3) Hybrid — application runs at your site, 24/7 monitoring and patch management from us over a secure read-only channel.
Architecture workshop + PoC: 2–3 weeks. Full go-live including SIP connection, LDAP/SAML integration, data migration and staff training: 4–8 weeks. We have standard playbooks for the most common stacks (Active Directory, 3CX, FreeSWITCH, Azure AD, Keycloak, Microsoft Teams Direct Routing).
A one-off setup fee (installation, configuration, training, go-live support) plus an annual licence covering a standard instance with all modules. Scales by tier with seats and locations. Support SLA options: Business Hours, 24/7, or dedicated Customer Success Manager. A concrete quote follows a non-binding architecture call — based on seats, sites, modules and SLA.
Yes. Quarterly major releases, monthly security patches, immediate hotfixes for critical CVEs. Updates are first verified in your test environment. For air-gapped installations we deliver signed update packages via trusted transfer (USB, data diode). You retain full control over roll-out timing.
Let's talk about your architecture.
45 minutes with our solution architect. Specific. Technical. No sales loops.