phi-cloud vs AWS Bedrock — picking your jurisdiction.

Bedrock ships a mature, hyperscaler-grade BAA under the AWS umbrella. phi-cloud ships an OpenAI-compatible API with per-request residency and a Swiss-resident PHI tier. The decision is rarely either/or — here is the honest framing.

At a glance

Side-by-side, on the dimensions a security review asks about.

Bedrock is the AWS-managed model marketplace; phi-cloud is a stateless gateway. The rows below compare what each one actually ships today — not what either roadmap might bring.

| Dimension | AWS Bedrock | phi-cloud |
| --- | --- | --- |
| Drop-in OpenAI API shape | Bedrock has its own SDK and request shape. OpenAI clients do not work as-is. | Yes — swap base_url to https://phi-cloud.com/v1 and the OpenAI SDK works. |
| HIPAA BAA program | BAA covered under the standard AWS BAA at the account level. | BAA in progress. PHI routes today under a filed Swiss nFADP/GDPR DPA. |
| Data residency model | AWS Region-scoped: chosen per account/endpoint. Not per request. | X-Region header pins each request to a jurisdiction at the edge. |
| PHI vs general gate per call | Not enforced per request. You set the boundary in your own code. | X-PHI: true filters to PHI-eligible routes; refused (403) if none. |
| Audit headers on every response | CloudTrail at the account level; nothing on the response itself. | x-phi-tier, x-phi-routed, x-phi-attempts on every call. |
| Where the proxy sits | AWS-operated, US-headquartered. CLOUD Act applies. | PHI traffic resident in Switzerland (Infomaniak). Swiss data law. |
| Sub-processor transparency | Per-model terms inside the AWS BAA umbrella. | Single PHI sub-processor (Infomaniak CH) under a filed DPA. |
| Pricing model | Per-model token pricing plus AWS account billing. | Upstream per-token + flat 8% gateway margin. Non-PHI tier $0. |
| Procurement on-ramp | Requires an AWS account, IAM, and BAA acceptance. | Self-serve key in minutes. Stripe billing, no account negotiation. |

Fair caveat: AWS Bedrock genuinely covers HIPAA at the account level under the standard AWS BAA. phi-cloud's edge is per-request residency and a Swiss-resident PHI tier — useful when AWS's jurisdictional surface is the constraint, not when it is acceptable.

When to pick each

Jurisdiction first — model second.

The choice between Bedrock and phi-cloud is mostly about where you need the data to sit and under whose law. Models, pricing, and SDK ergonomics are secondary — both stacks can carry the workload.

Pick AWS Bedrock when…

  • You are already on AWS, have an account-level BAA, and want everything under one bill.
  • A US-region-scoped BAA satisfies your data residency and procurement constraints.
  • You can absorb the Bedrock SDK (or its OpenAI-compat adapter) into your stack.

Pick phi-cloud when…

  • You need data resident outside the US (Switzerland, EU) under a Swiss DPA, not under the AWS BAA umbrella.
  • Per-request residency matters — the same key serves CH, EU, and US traffic without account juggling.
  • You want a single drop-in OpenAI base URL across providers and a hard PHI vs general gate per call.

Hybrid pattern

  • Route US-resident PHI to Bedrock under your AWS BAA — that posture is mature and well-understood.
  • Route CH or EU-resident PHI to phi-cloud (X-PHI: true) — it pins to the Swiss sub-processor.
  • Use phi-cloud's OpenAI shape as the unified client surface; the router picks the right backend.

FAQ

Questions a procurement team will ask.

Is phi-cloud HIPAA-compliant today?

A signed customer BAA is in progress, not earned — and we do not market phi-cloud as HIPAA-covered until that lands. What ships today: PHI requests pin to Infomaniak (Switzerland) under a filed nFADP/GDPR DPA, and the router refuses (403 phi_blocked) rather than spill PHI to a non-eligible provider. AWS, by contrast, covers Bedrock under its standard account-level BAA today.

Why pick a Swiss-resident gateway over the AWS BAA?

The AWS BAA is excellent for US-resident PHI. It is not the right answer when your regulator wants data resident outside the US, or when the CLOUD Act creates an unacceptable disclosure surface. phi-cloud routes PHI through a Swiss sub-processor under Swiss law — a different jurisdictional posture, not a better-or-worse one.

Is Bedrock OpenAI-compatible?

Not by default. Bedrock exposes its own InvokeModel / Converse APIs and uses its own SDK. OpenAI clients require an adapter layer to translate. phi-cloud, in contrast, is OpenAI-compatible by design — your existing SDK works after a base_url swap.

Can I use AWS Bedrock and phi-cloud together?

Yes — and several teams do. A common pattern is Bedrock for US-resident PHI under the AWS BAA, plus phi-cloud for CH or EU-resident traffic where Swiss-law sub-processing is required. Both can sit behind one application-level router; phi-cloud's OpenAI shape often becomes the unified client surface.

How does per-request residency differ from picking an AWS Region?

In Bedrock you pick a Region per account or per endpoint. To serve EU and US traffic under different residencies you provision separately. With phi-cloud the X-Region header is set per request, the router pins on every call, and a wrongly tagged request fails closed instead of silently crossing a border.
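
A client-side guard for the per-request gate described above, so a PHI call is only accepted when the reply carries the audit headers and names an approved backend. This is an added example, not phi-cloud's own code: the header names and the 403 phi_blocked refusal come from this page, while the header values, the error-body layout, and the function names are assumptions.

```python
# Response header names as listed on the page.
AUDIT_HEADERS = ("x-phi-tier", "x-phi-routed", "x-phi-attempts")

class PhiRoutingError(Exception):
    """A PHI call that cannot be shown to have routed as required."""

def phi_request_headers(region: str) -> dict:
    # X-PHI and X-Region are the request headers the page names.
    # Assumption: the region value is a short code such as "CH".
    if not region:
        raise ValueError("a PHI call must name its region explicitly")
    return {"X-PHI": "true", "X-Region": region}

def check_phi_response(status: int, headers: dict, body: dict,
                       allowed_routes: set) -> dict:
    """Return the audit record for a verified reply; raise otherwise."""
    h = {k.lower(): v for k, v in headers.items()}
    if status == 403:
        # The page documents a 403 phi_blocked refusal. Assumption: the code
        # sits at body["error"]["code"]. Do not retry without X-PHI.
        code = (body.get("error") or {}).get("code", "unknown")
        raise PhiRoutingError(f"gateway refused PHI request: {code}")
    if not 200 <= status < 300:
        raise PhiRoutingError(f"unexpected status {status}")
    missing = [name for name in AUDIT_HEADERS if name not in h]
    if missing:
        raise PhiRoutingError(f"missing audit headers: {missing}")
    # Assumption: x-phi-routed names the backend that served the call.
    if h["x-phi-routed"] not in allowed_routes:
        raise PhiRoutingError(f"unapproved backend: {h['x-phi-routed']}")
    return {name: h[name] for name in AUDIT_HEADERS}

# Constructed sample replies (not captured from the service).
OK_REPLY = (200, {"X-PHI-Tier": "phi", "X-PHI-Routed": "infomaniak",
                  "X-PHI-Attempts": "1"}, {"choices": []})
BLOCKED_REPLY = (403, {}, {"error": {"code": "phi_blocked"}})
STRIPPED_REPLY = (200, {"X-PHI-Tier": "phi"}, {"choices": []})

if __name__ == "__main__":
    print(phi_request_headers("CH"))
    print(check_phi_response(*OK_REPLY, allowed_routes={"infomaniak"}))
    for reply in (BLOCKED_REPLY, STRIPPED_REPLY):
        try:
            check_phi_response(*reply, allowed_routes={"infomaniak"})
        except PhiRoutingError as exc:
            print("rejected:", exc)
```

Writing the returned record to your own audit log gives per-call routing evidence that does not depend on the gateway's records.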

Read the posture before you file the questionnaire.

The compliance page lists what is earned, what is in progress, and where the sub-processor sits. The signup page gives you a key you can paste into the OpenAI SDK in under a minute.