QuotaGuard has two products. They solve related but different problems. Here's a straightforward breakdown of what each one does and when you'd use it.
QuotaGuard Static
What it does: Gives you two load-balanced static IP addresses for outbound traffic. Your app's requests route through a proxy (HTTP, SOCKS5, or QGTunnel) and exit from those two IPs. Load-balanced with automatic failover.
The problem it solves: Your app runs on infrastructure with rotating IPs (Heroku, Render, Lambda, Azure Functions, etc.) and a partner API, database, or firewall needs a whitelisted IP address.
Starts at: $19/month
You need Static if:
You have a partner, vendor, or customer that says "give us your IP so we can whitelist it." That's the core use case. Payment processors, SFTP servers, corporate databases, legacy APIs with IP-based access control. If someone needs to know your IP address, Static is the answer.
Static handles HTTP proxy, SOCKS5, and QGTunnel for TCP connections. So it works for API calls, database connections, SFTP, and pretty much any outbound protocol.
You don't need Static if:
Your integrations use API key authentication and don't require IP whitelisting. Most modern SaaS APIs (Stripe, Twilio, OpenAI, etc.) authenticate with API keys and don't care about your source IP. If nobody's asking for your IP, you probably don't need this.
QuotaGuard Shield
What it does: Everything Static does, plus SSL passthrough with end-to-end encryption. Traffic passes through the proxy infrastructure without TLS termination. The proxy never sees your unencrypted data.
The problem it solves: You need static IPs AND you handle regulated data that requires encryption in transit. Healthcare data under HIPAA. Payment card data under PCI-DSS. Sensitive personal data under GDPR.
Starts at: $29/month
You need Shield if:
A compliance framework requires that your data stays encrypted end-to-end, including through any intermediary infrastructure. With standard Static, TLS terminates at the proxy and re-encrypts on the other side. For most use cases that's fine. For regulated data, an auditor might flag it.
Shield's SSL passthrough means the TLS connection runs directly from your app to the destination. The proxy routes the encrypted traffic without decrypting it. Your auditor sees end-to-end encryption with no intermediary termination point.
Specific scenarios where Shield applies: sending PHI (protected health information) to a healthcare partner, transmitting payment card data to a processor, handling personal data where your DPA requires encryption through all intermediaries.
You don't need Shield if:
Your data isn't regulated. If you're calling a partner's REST API with non-sensitive business data, Static is sufficient. Shield is specifically for compliance requirements around encryption in transit.
Data Regionality
What it does: Ensures your proxy traffic routes through infrastructure in a specific geographic region. US traffic stays in the US. EU traffic stays in the EU.
The problem it solves: Data sovereignty and residency requirements. GDPR Article 44+ governs transfers of personal data outside the EU/EEA. Some enterprise contracts require that data never leaves a specific jurisdiction.
Costs: $899/month add-on
You need Data Regionality if:
You have contractual or regulatory obligations that data must not leave a specific region. Common scenarios: EU-based customers whose personal data must stay within the EU, government contracts with data sovereignty requirements, financial services with jurisdiction-specific data handling rules.
Without regionality, your proxy traffic might route through infrastructure in any region. With regionality, you choose the region and traffic stays there. This gives you documentation for compliance audits that shows data never crossed jurisdictional boundaries.
You don't need Data Regionality if:
Your compliance requirements don't include geographic data residency. Many teams need HIPAA or PCI compliance (Shield handles that) but don't have geographic restrictions. Regionality is specifically for data sovereignty.
Side-by-Side Comparison
QuotaGuard Static ($19/month)Two static IPs. HTTP proxy, SOCKS5, QGTunnel. Automatic failover. Traffic logging on the dashboard. Works with Heroku, Render, Lambda, Azure, Vercel, Railway, and most platforms.
QuotaGuard Shield ($29/month)Everything in Static, plus SSL passthrough. End-to-end encryption. No TLS termination at the proxy. Compliance logging for HIPAA, PCI-DSS, and GDPR audits.
Data Regionality ($899/month add-on)Region-locked proxy infrastructure. US or EU routing. Data sovereignty documentation for audits and enterprise contracts. Add-on to either Static or Shield.
Decision Flow
Start with Static. Most teams need static IPs for whitelisting. $19/month solves it.
If your compliance framework requires end-to-end encryption through intermediary infrastructure, upgrade to Shield. $29/month.
If your compliance framework or customer contracts require geographic data residency, add Data Regionality. $899/month on top of Static or Shield.
Most teams use Static. Teams in healthcare, finance, and regulated industries use Shield. Teams with multinational enterprise customers or government contracts add Data Regionality.
Getting Started
Sign up for the product that matches your requirements. Setup is the same for all three: add the proxy URL as an environment variable, route your traffic through it, whitelist the two static IPs.
You can start with Static and upgrade to Shield or add Data Regionality later without changing your integration code. The proxy URL stays the same.
QuotaGuard Static IP Blog
Practical notes on routing cloud and AI traffic through Static IPs.
.webp)
.webp)
.webp)
.webp)
.webp)
.webp)
.webp)
.webp)
