Over the past 15 years, we built Clever Cloud to avoid that trade-off, to offer a versatile European platform with managed services, on infrastructure we control, from partners or yours. Where your application always runs the way you designed it.
A complete platform, not a compute layer
What sets Clever Cloud apart is not any single feature — it is the breadth of what runs natively on the platform, managed by our team, on our infrastructure.
Deploy applications in 18 runtimes: Node.js, Bun, Python (with uv), Java (Gradle, Maven, WAR), PHP, FrankenPHP, Ruby, Go, Rust, .NET, Elixir, Scala, Haskell, V, Meteor.js, Docker, and two static runtimes — one based on Static Web Server/Caddy with automatic SSG detection (Hugo, Astro, Docusaurus, Zola, VitePress, Nuxt, MkDocs, mdBook, Storybook), the other on Apache with .htaccess support for SPAs and rewrite rules. If none of these fit, push a Dockerfile — full filesystem, TCP/UDP ports, multiple processes, your rules.
But compute is only the beginning. The platform includes managed PostgreSQL (versions 14–18, 40+ extensions, replicas, Pgpool-II), MySQL, MongoDB, Redis, Elastic Stack, and Materia KV — a serverless key-value store built on FoundationDB, replicated across three datacenters, with a Redis-compatible API. S3-compatible object storage with Cellar. Persistent filesystem with FS Buckets. Distributed pub/sub messaging with Apache Pulsar. An API gateway with Otoroshi. Identity management with Keycloak. Business intelligence with Metabase. Privacy-respecting analytics with Matomo. Git hosting with Heptapod. Transactional email with Mailpace. Easy ways to deploy preview applications from GitLab or GitHub.
Every database can be encrypted at rest with LUKS2/AES-XTS. Every service is provisioned as a managed add-on — one click, environment variables injected, integrated with your applications.
Co-built with open-source partners, integrated as managed services
Several of these services — Otoroshi, Keycloak, Metabase — are not just products we bundle. We co-build them with their respective communities, contribute, and operate them as fully managed offerings on our infrastructure. When we add a feature to Otoroshi or work on Keycloak’s deployment model, that work benefits the open-source project and every Clever Cloud customer.
This approach extends beyond software. We are building an ecosystem of partners — resellers, system integrators, and technology partners — who bring domain expertise on top of the platform. Our academy trains teams to operate confidently on Clever Cloud, from onboarding to production. The goal is not to lock anyone in, but to create a network of people and organisations who know how to build well on European infrastructure.
Request flow: a programmable middleware chain
HTTP traffic on Clever Cloud does not go straight from the internet to your application. It passes through our Rust-based load balancer Sōzu and you can configure a chain of middleware — the Request Flow — that you control with a single environment variable.
Set CC_REQUEST_FLOW to compose a pipeline from built-in services: Varnish for HTTP caching, Redirection.io for URL rewrites and SEO-friendly redirects, OAuth2-Proxy for authentication, Otoroshi Challenge for request verification. Or plug in your own reverse proxy with CC_REQUEST_FLOW_CUSTOM, the platform handles port allocation automatically.
Need to cut public HTTP access entirely while keeping private networking alive? Set the flow to block. The platform returns a 200 OK to health checks while refusing all other traffic. Your application stays reachable through Network Groups, but invisible from the internet.
This is not a feature you find on most PaaS. Typically, you either get a fixed reverse proxy you cannot configure, or you set up your own Nginx/Caddy/HAProxy and manage it alongside your application. On Clever Cloud, the middleware layer is a first-class platform service.
Mise: one config file for tools, tasks, and environments
Every Clever Cloud runtime comes with Mise and can automatically add tools before the build phase. Drop a mise.toml at the root of your project, and Mise handles tool versions, environment variables, and build/run tasks declaratively.
This means you can install Deno on a Node.js runtime, get Bazel to build your project, pin a specific Hugo version on a Static runtime, or define build commands that work identically on your laptop and in production — without writing shell scripts or customising buildpacks. On the Linux runtime, Mise tasks are first-class: the platform checks for CC_BUILD_COMMAND/CC_RUN_COMMAND first, then Mise tasks, then Makefile targets.
Private networking with WireGuard and Tailscale
Network Groups create encrypted WireGuard overlay networks between your applications, add-ons, and external peers. Each member gets internal DNS resolution (<memberID>.m.<ngID>.cc-ng.cloud), all ports are accessible within the private network, and traffic never touches the public internet. Build microservice topologies where services communicate privately and only the API gateway faces the public.
For teams already using Tailscale, the integration is native: set TAILSCALE_AUTH_KEY and each application instance joins your Tailscale network as CC-<NAME>-<INSTANCE_NUMBER>. Use TAILSCALE_LOGIN_SERVER to point at a self-hosted Headscale control server. Accept DNS settings, advertise routes — it works the way you expect.
We also support IPSec and OpenVPN for environments that require them. Dedicated outgoing IP addresses are available for firewall whitelisting.
API first, AI ready
Clever Cloud is exposed as an API, built with Infrastructure-as-Code in minde. We built our own integrations on top of it. From the web Console to Terraform provider and major tools such as Kubernetes Operator, the Clever Tools CLI and its amazing AI Skills.
To ease AI usage, we provide LLMs.txt documentation summary, all pages are provided in Markdown format when requested by your favorite tools. Want to explore a deployed application ? clever ssh gives you a shell on your production instances, but you can also use clever ssh --command 'any command' and directly get the results. A great feature when you need Claude Code, Codex, Gemini or OpenCode to debug a running application.
Observability: Grafana, Warp 10, and custom metrics built in
Every service comes with a Grafana dashboard. CPU, RAM, disk, network, and requests per second are collected automatically. Pre-configured dashboards live in a “Clever Cloud” directory, and you can create your own, including alerts that notify you when consumption crosses a threshold.
Under the hood, metrics are stored in Warp 10, a geospatial time-series database with microsecond precision you can query with WarpScript — a stack-based language.
For custom instrumentation, push to StatsD on port 8125 or expose a Prometheus endpoint on localhost:9100. The platform collects over 170 Telegraf metric classes, all labelled with owner_id, app_id, host, and deployment_id. Blackfire profiling and New Relic integration are available for deeper application-level analysis.
Most platforms charge extra for observability, limit retention to hours or days, or require you to set up external tooling from day one. On Clever Cloud, logs are retained for 7 days with regex search, access logs come in multiple formats (CLF, JSON with geolocation and TLS version), and log drains forward to Syslog, Elasticsearch, Datadog, or New Relic without per-gigabyte surcharges.
Otoroshi: API gateway, WAF, and LLM gateway in one
Otoroshi is not just a reverse proxy. It is a managed API gateway that includes a Coraza WAF running OWASP Core Rule Set in WebAssembly — detection or prevention mode, custom rules per domain, audit logs for compliance. No “Enterprise tier required” caveat.
The LLM extension turns Otoroshi into a unified gateway for large language models, exposing an OpenAI-compatible API that routes multiple providers: OpenAI, Anthropic, Mistral, Cloud Temple, DeepSeek, Gemini, Groq, HuggingFace, Ollama, OVHcloud, Scaleway and others. Semantic caching reduces redundant calls. Quota management controls costs. Automatic failover switches providers transparently when one is down. Prompt fencing prevents sensitive information leakage. MCP (Model Context Protocol) support lets you build tool-using agents.
This runs as a managed service on your Clever Cloud account — no separate vendor, no per-token markup. It’s the tool we chose to build the technology at the core of Clever AI.
Clever Tasks: run, pay, stop
Not every workload is a web server. Clever Tasks are applications that execute a command and shut down. Define any application as a Task, set CC_RUN_COMMAND="python manage.py migrate", trigger with git push or clever restart, and the scaler runs for exactly as long as the command takes. You pay for build and execution time, per second.
Use them for database migrations, test suites, file conversions, data processing, compilation jobs — anything that should not run on an always-on instance. Chain multiple commands with && or wrap them in a script. Every environment variable from your application is available.
This is fundamentally different from cron-based schedulers with 10-minute minimum intervals, 5-task limits, and “execution is expected but not guaranteed” disclaimers. A Clever Task runs when you tell it to, for as long as it needs to, and stops when it is done.
European infrastructure, real sovereignty
Clever Cloud runs on infrastructure we operate across many regions: Paris, Gravelines, Roubaix, London, Warsaw, Montreal, Singapore, and Sydney. We partner with European providers — OVHCloud, Scaleway — and do not depend on a single US hyperscaler. Our approach to sovereignty is structural: 100% French capital, European-only hosting, no exposure to extra-territorial legislation.
Several regions carry HDS certification (Hebergement de Données de Santé), the French regulatory standard for hosting health data. This applies to all managed databases in those regions — PostgreSQL, MySQL, MongoDB, Redis, Elastic Stack — not just a subset. It is not an add-on with a monthly surcharge; it is built into the infrastructure. For organisations requiring the highest level of qualification, we also offer SecNumCloud-grade options within our cloud offer.
Data stays in the region you choose. There is no “default to us-east-1” behaviour, no background replication to a jurisdiction you did not select, no fine print about processing data in another country for operational purposes.
Predictable pricing
Billing is per second, based on instance size and runtime duration. Not per invocation. Not per request. Not per edge cache hit. Not per million operations on a key-value store. Your monthly bill varies by roughly ±5%, because it tracks actual compute usage — not traffic spikes multiplied by unit rates you did not notice in the pricing page.
Log drains do not cost per gigabyte. Grafana dashboards and Warp 10 metrics are included. Databases backups are included. Observability is included. You do not need to budget for six line items just to see how your application is performing.
What we are building next
We know where the platform needs to grow and listen to market needs Clever Kubernetes Engine is our current development priority. But we also work on many new features and services. Want to tell us what you expect the most? There a survey for that.