Stop losing deals you should be closing

Package once.
Deploy anywhere.
Close the deal.

Your enterprise prospects want on-premise deployment. You don't have a credible story. Every deal that requires data sovereignty is a deal you lose. Sigilla fixes that — in one afternoon.

Get vendor access How it works ↓
sigilla-cli — Vendor packaging tool
// Package your app once. Works at every customer site.
 
sigilla package --app ./my-app --sign vendor.key
 
→ Validating manifest...      
→ Declared egress: sensor-db.internal:5432
→ Signing with RSA-4096...   
→ Package created: my-app-2.3.1.sigilla
 
Done. Send this file to your customer.
    They deploy it. You close the deal.

Early vendor partners wanted. Get your application packaged and deployed before your next enterprise conversation. Personal onboarding included.

Get early access →
The Problem

Every on-premise requirement
is a deal you lose.

Industrial AI vendors face the same conversation every quarter. The deal is real. The budget is there. Then procurement says: on-premise only.

PROBLEM 01

You have no on-premise story

Your product is SaaS-first. Deploying on-premise means a custom engineering project per customer — weeks of work, unpredictable costs, ongoing support burden. Most vendors just decline the deal.

PROBLEM 02

Customers can't prove you're safe

Your enterprise customers are asked by their auditors: can you prove the vendor's AI doesn't exfiltrate data? They can't answer that. So they don't buy — or they buy from a competitor with an on-premise story.

PROBLEM 03

EU AI Act changes buyer requirements

From , regulated industries deploying AI must demonstrate compliance. Customers will require vendors to provide deployable, auditable packages — not just cloud SaaS. This is happening in sales calls right now.

PROBLEM 04

Every bespoke deployment destroys margin

Even when you do manage an on-premise deal, it becomes a custom project. Different infrastructure, different IT team, different security requirements. No repeatability. No scale. Just cost and distraction.

How It Works

One afternoon of work.
Every deal unlocked.

STEP 01 — IN PLAIN ENGLISH

Write a short list of every server your application needs to talk to. That's your manifest. It takes about an hour and becomes the legal declaration your customer's auditor inspects.

STEP 02 — IN PLAIN ENGLISH

Run one command that wraps your application and your declaration into a single signed file. It proves to your customer that the file is genuinely from you and hasn't been tampered with.

STEP 03 — IN PLAIN ENGLISH

Email the file to your customer. Their IT team installs it in 30 minutes. Compliance evidence generates automatically. Same file works for every customer — you never do this twice.

Technical detail below — for your engineering team

01

Write your manifest

Declare your application's network requirements in a simple YAML file. What ports does your app need? What destinations? Sigilla validates it and turns it into the enforcement policy — the thing your customer's auditor will inspect.

network:
  egress:
    - name: sensor_db
      host: sensor-db.internal
      port: 5432
      required: true
02

Package and sign

One CLI command packages your Docker container, manifest, and cryptographic signature into a single .sigilla file. Your customer receives a file that is verifiably yours and unmodified.

sigilla package \
  --app ./my-app \
  --version 2.3.1 \
  --sign vendor.key

→ my-app-2.3.1.sigilla ✅
03

Customer deploys — you close

Your customer drops the file into their Sigilla dashboard. Done in 30 minutes. They get the compliance evidence their auditor needs. You get the signed contract. The same file works for customer #10 as customer #1.

// Customer dashboard

✅ my-app v2.3.1 deployed
✅ Network policy: enforced
✅ Compliance evidence: ready

→ Deal closed.
The ROI

The maths are straightforward.

€5,000 per deployment. Average enterprise deal: €80,000/year. One closed deal pays for Sigilla sixteen times over.

ScenarioWith SigillaWithout Sigilla
Enterprise deal requiring on-premiseClose itLose it
Time to deploy at customer site~30 minutes3–6 weeks bespoke
Customer compliance evidenceAutomaticCustomer's problem
Your 5th customer deploymentSame .sigilla file5th custom project
Sigilla cost per deployment€5,000
Average enterprise deal value€80,000/year€0 (lost)
The Sales Conversation

What to say when they ask
for on-premise.

Most vendors stumble at this moment. Here's exactly how the conversation goes — and how Sigilla changes your answer.

THEY SAY
"We can't use a cloud solution. Our data has to stay on our infrastructure. Do you support on-premise deployment?"
YOU SAY — WITH SIGILLA
"Yes. We deploy via Sigilla — a runtime isolation platform that installs on your server in 30 minutes. Your IT team controls the deployment. Your network policy is enforced at the kernel level, so our application physically cannot contact any server we haven't declared upfront. You get a cryptographically signed compliance report from day one — ready for your ISO 27001 or EU AI Act auditor. We send you one file. You're live the same day."
WITHOUT SIGILLA
"We're primarily a SaaS product. We could look at a custom on-premise deployment but it would require scoping, a longer timeline, and additional professional services fees..."
→ Deal stalls. Procurement moves on. Competitor with an on-premise story wins.
IF THEY ASK "WHAT IS SIGILLA?"
"It's a compliance runtime we use for all our on-premise deployments. It enforces a strict network policy and generates the compliance evidence your team needs for audits. Your IT team can verify everything it does independently — they're not taking our word for anything." Forward them to sigilla.io/compliance if they want to read about it themselves.
From Signup to First Deployment

Ready before your
next enterprise call.

The full onboarding takes one working day. Here's exactly what happens and when.

DAY 1
Morning

Sign up and install sigilla-cli

Create your vendor account, generate your signing key pair, install the CLI tool. Takes about 20 minutes. We send you a welcome email with a personal onboarding link.

DAY 1
Afternoon

Write your manifest and package your app

List your network destinations in the YAML manifest. Run sigilla package to build and sign your first .sigilla file. Most apps take 2–4 hours including testing.

DAY 2
Morning

Test deployment at your end

Spin up a local Sigilla instance and deploy your package. Verify the network policy is exactly as declared. Generate a test compliance report. Fix any manifest issues before the customer sees them.

DAY 2+
Any time

Send to your first customer

Email the .sigilla file. Their IT team deploys in 30 minutes. Compliance evidence generates automatically. You just closed an on-premise deal you would have walked away from.

Need help with your manifest or first deployment? We offer hands-on onboarding for early vendor partners.
Get hands-on onboarding →
Why Customers Trust It

Your customer doesn't have to
trust you. They can verify you.

Customers who can verify your claims independently close faster — and stay longer.

VERIFIABLE

They audit your declaration

Your manifest is human-readable. Their security team inspects exactly what your application claims to need — and verifies enforcement matches the declaration.

ENFORCED

Kernel-level, not a promise

Their IT team verifies the iptables rules independently. The policy is a running OS-level configuration they can inspect at any time.

SIGNED

Cryptographically yours

RSA-4096 signature means they can prove the package is unmodified and came from you. That's the vendor identity verification procurement requires.

AUDITABLE

Every update tracked

When you ship v2.4.0, they see exactly what changed in the network policy before approving. Their approval is logged. Auditor sees a clean change record.

What Your Customer Experiences

Brief your sales team.
This is what the customer sees.

When your sales team says "we support on-premise via Sigilla," here's exactly what happens on the customer side — so they can answer every follow-up question.

CUSTOMER STEP 1

Receives your .sigilla file

A single file by email. IT team verifies your cryptographic signature — confirms it's genuinely from you and unmodified. No installation required at this stage.

CUSTOMER STEP 2

Reviews your manifest

Their security team reads the YAML manifest — sees exactly which servers you've declared. They approve or raise questions before a single line of your code runs on their network.

CUSTOMER STEP 3

Deploys in 30 minutes

IT drops the file into their Sigilla dashboard. Network isolation is active immediately. They see a live feed of every connection your application makes — and every blocked attempt.

CUSTOMER STEP 4

Signs the contract

Compliance evidence is ready from day one. Their auditor's questions are answered automatically. The blocker that was delaying contract signature is gone. The deal closes.

What You Get

Everything you need to
stop losing deals.

One package, any infrastructure

The same .sigilla file deploys on Ubuntu bare metal, VMware, or any x86 Linux environment. Write once, deploy everywhere your customers are.

RSA-4096 signed packages

Every package signed with your private key. Customers verify your public key once — all future packages automatically verified as authentic and unmodified.

Compliance evidence — free

Your customer's compliance reports are generated by Sigilla, not by you. You don't write documentation per customer. It comes out of the runtime data automatically.

Structured update workflow

Ship updates as new signed packages. Customer sees what changed, approves in one click, audit trail is generated. No more risky silent updates.

Trust as a sales advantage

"You don't have to trust us — install Sigilla and verify everything we do at the OS level." That conversation closes deals your competitors can't even enter.

Air-gap deployments

Your largest prospects — rail operators, energy companies — require zero internet connectivity. Sigilla works fully offline. You can now quote for those deals.

What You Can Package Today

Honest about scope.
Because your customers will ask.

Sigilla enforces a static network policy declared upfront in your manifest. That fits a large class of industrial AI — and we want you to know exactly what qualifies before you quote a customer.

✅ PACKAGE WITH SIGILLA TODAY
  • Predictive maintenance models — fixed inputs from customer sensors, outputs to internal DB
  • Quality inspection AI — reads from production line, writes to internal dashboard, no external calls
  • Forecasting and analytics — all data stays within customer network, destinations known upfront
  • Document processing pipelines — reads from internal storage, writes classification results internally
  • Small-to-medium local models — models up to ~30B parameters running on standard server hardware
The test: can you declare all network destinations in a 10-line YAML manifest? If yes — you're ready to package.
⚠ NOT YET — ON THE ROADMAP
  • Agentic apps calling external APIs — LLM providers, web search, external tool calls at runtime
  • Very large local models (70B+) — hardware declaration and VRAM validation not yet in manifest spec
  • Multi-agent orchestration — workflows spawning sub-agents or requiring runtime human-in-the-loop
  • Dynamic egress — applications whose network destinations are determined at runtime
Building something agentic? Tell us about it — your use case shapes what we build next.
The Roadmap

Agentic AI is next.
The timing is intentional.

Most industrial AI deployed today is contained. But the most interesting — and most regulated — systems coming in 2026–27 are agentic. We're building the governance layer for both.

PHASE 2 — 2026

Local model registry

Declare GPU/VRAM requirements in the manifest. Customers run approved local LLMs (Llama, Mistral, Phi) inside the isolation boundary — no external API calls, full sovereignty.

PHASE 2 — 2026

Runtime intervention hooks

Your customer can pause, inspect, and approve agent actions mid-task. The human oversight evidence the EU AI Act requires for high-risk autonomous systems — built into your package.

PHASE 3 — 2027

Agentic audit trail

Tool call logging, prompt/response hashing, decision provenance. Your customer's auditor can trace every consequential decision your agent made — and prove it was supervised.

Vendors building agentic products: early conversations directly shape our Phase 2 design. We're talking to 5–10 vendors now.
Join the agentic preview →
Vendor Access

Stop walking away from
deals you should be closing.

We're onboarding early vendor partners now. Get your application packaged and ready to deploy before your next enterprise conversation.

No spam. Personal reply within 48 hours.

16×
ROI on first deal closed
30m
Customer deployment time
1
Package for all customers
Aug '26
EU AI Act deadline