What is Cloudflare D1 — and why run your agency on it?

sSystm Team6 min read
TL;DR

Cloudflare D1 is a serverless SQLite database that runs on Cloudflare's global network — you get a real SQL database without provisioning servers, managing connections or paying for idle time. A BYOC agency OS uses D1 because a fresh database can be created on your own Cloudflare account with an API call, pinned to a region (including a hard EU option), isolated from every other customer, and billed transparently on your own account — so your agency owns its data by construction, not by promise.

Cloudflare D1 is a serverless SQL database, built on SQLite, that runs on Cloudflare’s global network. You get a real relational database — tables, rows, SQL queries, transactions, indexes and automatic backups — without provisioning a server, managing connection pools or paying for a machine that sits idle overnight. A BYOC agency OS runs on D1 because one of these databases can be created on your Cloudflare account with a single API call, pinned to a region you choose, and isolated from every other customer. Your agency owns its data by construction, not by promise.

This post explains what D1 actually is in plain terms, how it differs from the central database behind a typical SaaS, and why provisioning D1 on your own account is the technical foundation that makes data ownership real rather than rhetorical.

What is Cloudflare D1, in plain terms?

Think of a database as a very disciplined spreadsheet: it stores your records in tables, enforces rules about what each column can hold, and answers questions (“show me every unpaid invoice from June”) using a language called SQL. Most business software is a friendly interface sitting on top of a database like this.

D1 is that database, delivered as a service. Two words describe it:

  • Serverless. There is no server for you to choose, size, patch or restart. You do not think about CPU, RAM or disk. Cloudflare runs the infrastructure; you get an endpoint that answers SQL. When no one is using it, you are not paying for an idle machine — billing is based on the rows you actually read and write.
  • SQLite. D1 is built on SQLite, the most widely deployed database engine in the world — it ships inside phones, browsers and aircraft systems, and it is known for being small, fast and extraordinarily reliable. D1 takes that proven engine and runs it on Cloudflare’s network so it is available over the internet with backups and scaling handled for you.

The result is a database that feels like a utility. You ask for one, you get a connection string, and you start writing SQL. There is nothing to keep alive.

How is D1 different from a traditional database?

If you have used a hosted Postgres or MySQL database, the difference is less about the SQL you write and more about what you have to manage around it.

Traditional managed DB (e.g. hosted Postgres) Cloudflare D1
You provision A sized instance (CPU/RAM/disk) Nothing — you just create a database
Runs when idle Yes — you pay for it 24/7 No — you pay per read/write
Connections Pools you must manage and cap Handled by the platform
Where it runs One region you pick Cloudflare’s network, close to your Workers
Scaling You resize the instance Managed for you
Backups You configure them Automatic, with point-in-time recovery

The practical upshot for smaller, per-customer workloads — like one agency’s CRM and projects — is that D1 removes the fixed overhead. A traditional database charges you rent whether or not anyone logs in; D1 charges you for the work it does. That difference is exactly what makes it affordable to give every customer their own database instead of packing everyone into one shared cluster.

Why does a BYOC agency OS provision D1 on your account?

Here is where D1 stops being a database detail and becomes the whole point. In a conventional SaaS, your agency’s data lives in the vendor’s central database, mixed with thousands of other customers. In a BYOC (Bring Your Own Cloud) model, the platform creates a dedicated D1 database on your Cloudflare account instead. Four things follow directly from that:

  • Ownership. The database appears in your own Cloudflare dashboard, not the vendor’s. The vendor’s access is granted and revocable; yours is inherent.
  • Region and jurisdiction. Because you are creating the database, you pick where it lives at provisioning time — including a hard EU-jurisdiction option in sSystm. This is residency by construction, covered in depth in data residency and GDPR for agencies.
  • Isolation. Your records sit in a database of their own. There is no shared multi-tenant table to leak across, so a breach elsewhere on the platform has no path into your data — the blast radius is a single tenant.
  • Cost transparency. The database’s usage is billed on your Cloudflare account, in your own console, at Cloudflare’s published rates. You can see exactly what your data layer costs rather than reading it out of a bundled subscription line.

D1’s serverless economics are what make this feasible. Because an idle D1 database costs almost nothing, “one database per organisation” is a routine API call rather than an expensive architectural choice.

What “on your own account” actually gives you

It is worth being precise about the difference between a database that is dedicated to you and one that is owned by you, because vendors blur the two.

Question Vendor-hosted “dedicated” DB D1 on your Cloudflare account
Whose console is it in? The vendor’s Yours
Who can pick the region? The vendor You, at sign-in
Who holds the backups? The vendor You
What happens if you leave? You export; they keep the account You keep the database in place
Who is billed? Bundled into your plan You, by Cloudflare, directly

A single-tenant database on the vendor’s account is good isolation — but it is still isolation, not ownership. The BYOC test is simple: the database has to show up in your cloud console, and it has to survive you cancelling the product.

What about speed and reliability?

Because D1 runs on Cloudflare’s network, the database sits close to the Workers that read and write it, which keeps queries fast without you tuning anything. Durability is handled for you too: D1 keeps automatic backups and supports point-in-time recovery, so a bad import or an accidental deletion is recoverable rather than fatal. You get these properties without operating a database team — the same “SaaS operations, self-hosted ownership” trade that defines the BYOC model.

Is D1 the right database for an agency’s data?

For the shape of data an agency actually runs — contacts, deals, projects, invoices, documents, calendar entries — D1 is a strong fit. This is transactional, relational, per-organisation data measured in thousands to millions of rows, not petabyte analytics. That is precisely the workload SQLite excels at, and precisely the workload where D1’s per-database, pay-for-use model is cheapest.

It is not the right tool for everything — massive analytical warehouses or workloads needing a specific Postgres extension are a different job. But for running an agency, the combination of a real SQL database, near-zero idle cost, and the ability to create one per customer on the customer’s own account is what turns “your data is yours” from a slogan into an architecture. If you want to see how that architecture avoids the usual traps, read our take on SaaS vendor lock-in and how to avoid it, or the full picture in how sSystm works.

Frequently asked questions

What is Cloudflare D1 in simple terms?

Cloudflare D1 is a managed SQL database built on SQLite that runs on Cloudflare's serverless platform. You send it standard SQL queries and it stores your tables and rows, but there is no server to size, patch or keep running — Cloudflare handles the infrastructure and you are billed for what you actually read and write.

Is D1 a real database or just a cache?

It is a real, durable relational database. D1 speaks SQL, enforces schemas, supports transactions and indexes, and persists your data with automatic backups (point-in-time recovery). It is SQLite under the hood, so it behaves like the same battle-tested engine that ships in billions of devices — not a temporary cache.

Why would an agency use Cloudflare D1 instead of a central database?

Because a D1 database can be created on the agency's own Cloudflare account rather than the software vendor's. That gives the agency isolation (its data is not mixed into a shared multi-tenant table), a choice of region and jurisdiction, transparent per-account billing, and a clean exit — if it leaves the platform, the database stays on its account.

Can I keep my D1 database in the EU?

Yes. When a D1 database is provisioned you can choose its location, and sSystm offers a hard EU-jurisdiction guarantee for the database at sign-in. Because the database lives on your own Cloudflare account, the residency claim is enforced by where the data is created, not by a vendor policy that could later change.

Does using D1 mean I'm locked into sSystm?

No — it is the opposite. The D1 database is provisioned on your Cloudflare account, and the Build module deploys Workers to that same account. If you stop using sSystm, the vendor loses access but the database and everything in it remain yours, in place, with nothing to export.

byoccloudflare-d1data-ownership

sSystm is the first BYOC agency OS — your clients, your code and your cloud on your own Cloudflare account, with your AI working the whole workspace over MCP.

Join the waitlist