Heroku Private Space

What are Private Spaces?

A Private Space, part of Heroku Enterprise, is a network isolated group of apps and data services with a dedicated runtime environment, provisioned to Heroku in a geographic region you specify. With Spaces you can build modern apps with the powerful Heroku developer experience and get enterprise-grade secure network topologies. This enables your Heroku applications to securely connect to on-premise systems on your corporate network and other cloud services, including Salesforce.

How Private Spaces work
See it in action


Spaces make it simple to bring all the pieces of your architecture together, from on-premise systems to cloud services, including Salesforce, into one managed Private Space that ensures sensitive data and transactions are protected. Postgres EX, Redis EX and Connect EX are unique versions of Heroku’s leading data services that have the additional security factor of being accessible only over a space’s private network.


Within a Space, you can use powerful new primitives to create new types of application architectures. Your app runs in private dynos, smart containers which are all connected to a private network that lets them communicate with each other, so you can compose sophisticated application architectures using small, modular services. Setting up a space is as easy as naming it and clicking a button — in minutes your space is created so your team can stay focused on building great apps.


Each Space has its own runtime dedicated to only your Heroku apps, ensuring even your highest traffic apps deliver low latency performance for every user. Spaces can be deployed to a geographical region you specify to bring your Heroku apps and services closer to your users, further reducing latency. Apps in spaces run on private dynos — smart containers that fully occupy and get the performance benefit of an entire virtual compute instance.

New features for enhanced network isolation and security

Dedicated isolated runtimes

Application infrastructure, provisioned for your apps

Dedicated private networks

Private, isolated networks for internal services

Private data services

Keep your data more secure and private in your internal network

Selectable regions

Run apps in Dublin, Tokyo, Frankfurt, Oregon, Sydney, and Virginia

Stable outbound IPs

Securely connect apps to third party cloud services and corporate networks

Trusted IP ranges

Limit app access to users only on trusted networks

DNS Service Discovery

Use DNS to discover other services over a low-latency private network

Explore the docs

Expanded application architecture possibilities

Private APIs

Create apps and services accessible only from internal networks, such as intranets and internal APIs. Leverage private data storage for enhanced security and privacy

Run apps in six global regions

Run network-isolated apps in six global regions closer to your users for better application latency and experiences

New app dev architectures

Enable new app dev architectures using private networking for extensible multi-tier applications

  • Heroku Shield makes HIPAA compliance easier to execute, so now my dev teams can focus on building great apps using a modern app-dev toolset, refer to customer-sensitive data with added confidence, and ultimately provide our customers with an engaging experience that differentiates Align Technology in the marketplace.

    Align Tech Leela Parvathaneni Director of Customer-Facing Applications, Align Technology Read customer story >>
  • Heroku Service Discovery helped us build out additional metrics gathering, which provided greater insight into the services we are running in Heroku Private Spaces. Before Service Discovery was available, this would not have been possible.

    sendwithus Daniel Steuernol Platform Engineer, sendwithus

Heroku Shield Private Spaces is the easiest path to amazing, high compliance apps

Enabler for HIPAA compliance

Shield Private Spaces enable you to build amazing apps for high compliance industries like health care and life sciences that require a BAA.

HIPAA compliant apps as easy as git push heroku master

Spin up a HIPAA compliant environment in minutes and start deploying your applications with all the ease of the Heroku developer experience git push heroku master

Out of the box trust controls for high compliance apps

Your app runs in a network isolated Heroku Shield Private Space with additional trust controls for high compliance: keystroke logging for production access auditing, logging at the space level that you control, encryption at rest for ephemeral data, and strict TLS enforcement.

Learn more about Private Spaces

Please tell us more about your project and we'll be in touch.


Cloud Apps with the Trust and Control of On-Premise

Create new opportunities for app engagement while maintaining enterprise control. Learn how fintech start-up Moneytree leverages Heroku Private Spaces.

Heroku Private Spaces in Action

Walk through new architectures that are now possible for enterprise apps in this technical demo of Heroku Private Spaces.