Cloud Deployment Options
Cloud Deployment Options for Drop
Rebrand note (2026-02-14): Originally titled "FontelePay". Product rebranded to Drop. See Drop CLAUDE.md.
Date: 2026-02-05 Purpose: Evaluate cloud deployment options for European mobile banking MVP
Requirements Summary
| Requirement | Priority |
|---|---|
| Next.js support (static + SSR/API routes) | Must-have |
| EU data residency (GDPR) | Must-have |
| Financial compliance ready (PCI-DSS, SOC2) | Must-have |
| Cost-effective for MVP | High |
| Easy CI/CD integration | High |
| Scalability for production | Medium |
Provider Comparison
Overview Table
| Feature | Vercel | AWS (Amplify/Lambda) | Google Cloud Run |
|---|---|---|---|
| Next.js Support | Native (created by Vercel) | Full SSR support (v15) | Via container deployment |
| EU Regions | Edge caching only | Frankfurt, Ireland, Paris, Stockholm + ESC | Frankfurt, Belgium, Netherlands, Zurich |
| Data Residency | US-based storage* | Full EU residency available | Full EU residency available |
| PCI-DSS | v4.0 (SAQ-D AOC) | v4.0.1 certified | v4.0.1 certified |
| SOC 2 | Type 2 certified | Type 2 certified | Type 2 certified |
| ISO 27001 | Certified | Certified | Certified |
| GDPR | EU-US DPF certified | Compliant | Compliant |
| Ease of Use | Excellent | Moderate | Moderate |
| Vendor Lock-in | Medium | Low | Low |
*Vercel: Static assets and function responses cached in EU, but primary storage remains US-based.
Detailed Analysis
1. Vercel
Strengths:
- Native Next.js support (Vercel created Next.js)
- Zero-config deployment from Git
- Excellent DX (Developer Experience)
- Edge Functions for low latency
- Preview deployments per PR
- PCI-DSS v4.0 compliant
- SOC 2 Type 2, ISO 27001 certified
Weaknesses:
- No true EU data residency - data primarily stored in US
- Per-seat pricing scales poorly for teams
- Limited backend flexibility
- Enterprise tier required for some compliance features
Pricing:
| Tier | Cost | Includes |
|---|---|---|
| Hobby | Free | 100GB bandwidth, limited features |
| Pro | $20/user/month | 1TB bandwidth, $20 credits, viewer seats free |
| Enterprise | Custom | SAML SSO, SLAs, dedicated support |
GDPR Concern: Vercel is certified under EU-US Data Privacy Framework, but for banking applications requiring strict EU data residency, this may not be sufficient. Functions can run in EU regions, but metadata and logs may still traverse US infrastructure.
2. AWS (Amplify + Lambda)
Strengths:
- True EU data residency with European Sovereign Cloud (ESC)
- Full Next.js 15 SSR support via Amplify
- 140+ security certifications including PCI-DSS v4.0.1
- Frankfurt region well-established for EU fintech
- Pay-per-use with generous free tier
- No per-seat pricing
- Full infrastructure control
Weaknesses:
- Steeper learning curve
- Complex billing (multiple services)
- Requires AWS expertise
- CI/CD via external tools (GitHub Actions, GitLab)
Pricing (AWS Amplify):
| Resource | Free Tier | Paid |
|---|---|---|
| Build minutes | 1,000/month | $0.01/min |
| Data served | 15 GB/month | $0.15/GB |
| Data stored | 5 GB/month | $0.023/GB |
| SSR requests | Varies | ~$0.20/1M |
Estimated MVP Cost: $5-25/month for low-moderate traffic
European Sovereign Cloud (ESC): Launched January 2026, provides EU-resident personnel and hardware-enforced access restrictions. Ideal for regulated financial services.
3. Google Cloud Run
Strengths:
- Containerized deployment (flexible)
- Full EU data residency (Frankfurt, Belgium, Netherlands, Zurich)
- PCI-DSS v4.0.1 and SOC 2 certified
- Generous free tier
- Auto-scaling to zero
- Pay only for actual compute time
Weaknesses:
- Requires containerization (Dockerfile)
- No native Next.js integration
- More DevOps overhead
- Less seamless than Vercel for frontend
Pricing (Tier 1 - EU regions):
| Resource | Free Tier | Paid |
|---|---|---|
| CPU | 180,000 vCPU-seconds/month | $0.000024/vCPU-second |
| Memory | 360,000 GiB-seconds/month | $0.0000025/GiB-second |
| Requests | 2 million/month | $0.40/million |
Estimated MVP Cost: $0-15/month for low-moderate traffic (often within free tier)
Compliance Matrix for Fintech
| Certification | Vercel | AWS | GCP | Required for Drop |
|---|---|---|---|---|
| PCI-DSS v4.0+ | Yes | Yes | Yes | Yes (payment processing) |
| SOC 2 Type 2 | Yes | Yes | Yes | Yes (enterprise clients) |
| ISO 27001 | Yes | Yes | Yes | Recommended |
| GDPR | DPF | Full | Full | Yes (EU operations) |
| EU Data Residency | Partial | Full | Full | Critical |
Recommendation
MVP Phase (0-6 months)
Primary: AWS Amplify (Frankfurt region)
Rationale:
- True EU data residency - critical for banking MVP regulatory approval
- Full Next.js support - SSR, API routes, ISR all work
- Cost-effective - likely $10-30/month for MVP traffic
- Compliance-ready - PCI-DSS, SOC 2, ISO 27001 from day one
- No per-seat pricing - scales with team growth
- Path to production - same platform, just scale up
Setup recommendation:
- Region: eu-central-1 (Frankfurt)
- CI/CD: GitHub Actions
- Database: Aurora Serverless or PlanetScale (EU region)
- Auth: Cognito or Auth0 (EU tenant)
Production Phase (6+ months)
Stay with AWS but consider:
- AWS European Sovereign Cloud (ESC) for maximum compliance
- ECS/EKS for more control if needed
- Multi-region deployment (Frankfurt + Ireland) for redundancy
Why Not Vercel?
Despite excellent DX, Vercel's partial EU data residency is a significant concern for a banking application. While Vercel is PCI-DSS compliant, regulators may question data flows through US infrastructure. For an MVP seeking banking licenses or partnerships, demonstrating full EU data residency is simpler with AWS or GCP.
Why Not GCP Cloud Run?
GCP is technically excellent but:
- Requires containerization overhead
- Less native Next.js support
- Smaller fintech ecosystem in EU compared to AWS
- AWS has more established EU banking relationships
Cost Projection (12 months)
| Scenario | Vercel Pro | AWS Amplify | GCP Cloud Run |
|---|---|---|---|
| MVP (2 devs, 10k users) | $480/year | $120-300/year | $0-180/year |
| Growth (5 devs, 50k users) | $1,200/year | $300-600/year | $200-400/year |
| Scale (10 devs, 200k users) | $2,400/year | $600-1,500/year | $500-1,200/year |
AWS and GCP costs vary based on usage patterns; Vercel costs fixed per-seat
Action Items
- Set up AWS account with Frankfurt region default
- Configure Amplify for Next.js deployment
- Implement GitHub Actions CI/CD pipeline
- Document compliance controls for future audits
- Evaluate AWS ESC when banking license process begins