Heroku Private Space

What are Private Spaces?

A Private Space, part of Heroku Enterprise, is a network isolated group of apps and data services with a dedicated runtime environment, provisioned to Heroku in a geographic region you specify. With Spaces you can build modern apps with the powerful Heroku developer experience and get enterprise-grade secure network topologies. This enables your Heroku applications to securely connect to on-premise systems on your corporate network and other cloud services, including Salesforce.

How Private Spaces work
See it in action


Spaces make it simple to bring all the pieces of your architecture together, from on-premise systems to cloud services, including Salesforce, into one managed Private Space that ensures sensitive data and transactions are protected. Postgres EX, Redis EX and Connect EX are unique versions of Heroku’s leading data services that have the additional security factor of being accessible only over a space’s private network.


Within a Space, you can use powerful new primitives to create new types of application architectures. Your app runs in private dynos, smart containers which are all connected to a private network that lets them communicate with each other, so you can compose sophisticated application architectures using small, modular services. Setting up a space is as easy as naming it and clicking a button — in minutes your space is created so your team can stay focused on building great apps.


Each Space has its own runtime dedicated to only your Heroku apps, ensuring even your highest traffic apps deliver low latency performance for every user. Spaces can be deployed to a geographical region you specify to bring your Heroku apps and services closer to your users, further reducing latency. Apps in spaces run on private dynos — smart containers that fully occupy and get the performance benefit of an entire virtual compute instance.

New features for enhanced network isolation and security

Dedicated isolated runtimes

Application infrastructure, provisioned for your apps

Dedicated private networks

Private, isolated networks for internal services

Private data services

Keep your data more secure and private in your internal network

Selectable regions

Run apps in Tokyo, Frankfurt, Oregon, Sydney, and Virginia

Stable outbound IPs

Securely connect apps to third party cloud services and corporate networks

Trusted IP ranges

Limit app access to users only on trusted networks

Explore the docs

Expanded application architecture possibilities

Private APIs

Create apps and services accessible only from internal networks, such as intranets and internal APIs. Leverage private data storage for enhanced security and privacy

Run apps in five global regions

Run network-isolated apps in five global regions closer to your users for better application latency and experiences

New app dev architectures

Enable new app dev architectures using private networking for extensible multi-tier applications

Learn more about Private Spaces

Please tell us more about your project and we'll be in touch.


Cloud Apps with the Trust and Control of On-Premise

Create new opportunities for app engagement while maintaining enterprise control. Learn how fintech start-up Moneytree leverages Heroku Private Spaces.

Heroku Private Spaces in Action

Walk through new architectures that are now possible for enterprise apps in this technical demo of Heroku Private Spaces.