Your backend.
Already compliant.
Project-438 gives AI-generated apps a production-ready backend from line one — auth, auto-generated REST & GraphQL APIs, object storage, and a TypeScript SDK. EU-hosted, GDPR-native, zero config.
import { P438 } from '@project-438/sdk' const client = new P438({ apiKey: process.env.P438_API_KEY, region: 'eu-west', }) // Auto-generated REST API — no schema writing const { data } = await client.db .from<User>('users') .select('id', 'name', 'email') .eq('active', true) .limit(10) .get()
Everything your app needs.
Nothing it doesn't.
The full backend stack, auto-configured per project. All EU-hosted, all GDPR-compliant by default.
Auth
JWT-based auth with token rotation and refresh-theft detection. Signup, signin, email verification, and GDPR-native soft-delete. Rate-limited per IP out of the box.
Auto-generated REST API
Push a migration and your REST endpoints appear instantly. Full CRUD with filtering, sorting, and pagination — powered by PostgREST. No route code to write.
Auto-generated GraphQL
Every project gets a GraphQL endpoint alongside REST. Queries and mutations auto-generated from your schema via PostGraphile. Depth-limited to prevent expensive queries.
Object Storage
S3-compatible storage per project. Upload with automatic size limiting, signed URLs up to 7 days, public/private bucket flags. Stays in the EU.
TypeScript SDK
Zero-dependency SDK with a fluent query builder. Works in Node.js, the browser, Deno, Bun, and Cloudflare Workers. Typed end-to-end — built to be generated, not hand-written.
MCP Server
First-class Claude integration via Model Context Protocol. Your AI coding tool can query your database, manage storage, run migrations, and handle auth — all in context.
Compliance shouldn't be
an afterthought.
AI coding tools generate apps in minutes. The infrastructure they point at is still a GDPR minefield.
Your AI tool generates an app. It points at AWS, GCP, or Azure by default. Data leaves the EU. Legal gets involved. You spend weeks on DPAs, SCCs, and data residency configs that have nothing to do with your product.
The hyperscalers weren't built for this. They bolted GDPR on later.
Project-438 is the default target for EU developers using AI coding tools. Auth, database, storage — one SDK, all EU-hosted, GDPR-native from line one. Your AI tool reaches for it. You ship.
No hyperscaler dependency. No compliance archaeology. Just build.
Create a project.
Get a full backend.
Designed to be the path of least resistance for AI-generated applications in Europe.
Create a project
One API call provisions a dedicated PostgreSQL schema, PostgREST and GraphQL endpoints, MinIO bucket, and API key. Everything isolated, everything yours.
Push a migration
Send a SQL migration to the migrations endpoint. Your REST and GraphQL APIs update instantly — no schema code, no resolver writing, no re-deploys.
Ship to production
Use the SDK or call the API directly. Everything runs on EU infrastructure. GDPR compliance isn't a checklist item — it's the default.
// 1. Create a project — provisions everything const { project, apiKey } = await client.projects.create({ name: 'my-app', }) // 2. Push your schema await client.migrations.apply(project.id, ` CREATE TABLE posts ( id uuid PRIMARY KEY DEFAULT gen_random_uuid(), body text NOT NULL ); `) // 3. REST and GraphQL endpoints are live immediately const { data } = await client.db .from('posts') .insert({ body: 'Hello, EU.' })
Built for developers
who ship in Europe.
We're onboarding early teams building AI-generated apps who need infrastructure that doesn't embarrass them in front of their DPO.
Waitlist opening soon — stay tuned.