🇪🇺 EU company. GDPR by default. Sovereign.

🇪🇺 Static IP for Heroku

Heroku has no native static IP, and its add-ons (QuotaGuard, Fixie) are US companies. Get a fixed pair of EU IPs from an EU-based, GDPR-compliant, sovereign provider. Set one env var and your dynos are covered.

Heroku dyno

# heroku config:set

HTTPS_PROXY=https://user:pass@eu-01.outboundgateway.com:8443

# app.py

import requests

r = requests.get(

  "https://api.partner.eu/data",

  headers={"Authorization": "Bearer .."}

)

The Heroku static IP problem

Heroku dynos get dynamic egress from rotating AWS pools, the platform has no native static IP feature, and every existing add-on is a US company. If you care about EU data residency, that leaves a gap.

No native static IP

Heroku itself does not offer a fixed outbound IP. Dynos pull from dynamic AWS IP pools that rotate constantly. If a partner API or firewall only allows known addresses, your Heroku app gets blocked.

The add-ons are all US companies

The static IP ecosystem on Heroku, QuotaGuard and Fixie, are both US-based. Your proxy traffic routes through US infrastructure, which doesn't solve the GDPR data-residency side for EU teams.

Heroku is in sustaining mode

Heroku announced a "sustaining engineering model" in 2025: no new features, no new enterprise clients. Relying on its add-on ecosystem for something as critical as your outbound identity feels increasingly uncertain.

No sovereign EU option

Even if you use a Heroku add-on for a static IP, none of them are EU companies. Your data flows through US-owned proxy infrastructure, which doesn't satisfy teams that need a sovereign, EU-resident provider for their outbound traffic.

When the compliance team asks

"Your static IP add-on routes through a US company. Can we get a sovereign EU one?"

You need an EU-based, GDPR-compliant provider, not another US middleman on a platform in sustaining mode.

The Solution

An EU company, GDPR by default, sovereign egress for your dynos

Heroku dyno

OutboundGateway

(EU company, GDPR)

Partner API

Your Heroku dynos get a fixed pair of EU IP addresses from an EU-based company that is GDPR-compliant by default. Two IPs with automatic failover, no US middleman.

EU company, GDPR by default. No need to negotiate a data-processing agreement with a US proxy provider.
Sovereign egress. Your traffic stays within EU infrastructure, owned and operated by an EU company.
Set one heroku config:set and your existing code starts routing through it. No dyno restart needed.

Why teams switch from Heroku add-ons to OutboundGateway

EU company, not a US add-on. QuotaGuard and Fixie are both US-based; OutboundGateway is an EU company with GDPR compliance baked in.
Sovereign infrastructure. Your outbound traffic routes through EU data centres owned by an EU company, not US cloud.
Survives the Heroku sustaining-engineering wind-down. OutboundGateway works on any platform, so if you migrate off Heroku later your IPs follow you.
Two fixed EU IPs with automatic failover. No rotating AWS pools, no add-on dependency, no Heroku restart to apply.
TLS passthrough. Your API tokens and request payloads stay unreadable at the proxy, because TLS passes straight through.

Who it's built for

Heroku teams going EU

Currently using QuotaGuard or Fixie on Heroku but need a sovereign, EU-based, GDPR-compliant alternative.

Heroku Connect users

Running Heroku Connect integrations with Salesforce or partner APIs that enforce IP allowlisting, who want an EU egress.

EU SaaS on Heroku

Running EU products on Heroku that need GDPR-aligned outbound access from a fixed EU address, not a US add-on.

Teams planning migration

Preparing to leave Heroku's sustaining-engineering model and want an IP provider that follows them to any platform.

Implementation

Set HTTPS_PROXY with heroku config:set. Your dynos pick it up on the next request. No dyno restart, no add-on install.

Set the config var on Heroku

This is the same pattern as setting a QuotaGuard or Fixie URL, except your proxy is an EU company. Set it once and every dyno uses it.

# Set the proxy on your Heroku app
heroku config:set HTTPS_PROXY=https://user:pass@eu-01.outboundgateway.com:8443

# Your existing code works as-is
import requests

# requests honours HTTPS_PROXY from the environment automatically
r = requests.get(
    "https://api.partner.eu/data",
    headers={"Authorization": "Bearer .."},
)

print(r.status_code)  # 200, from your fixed EU IP

Node.js (fetch)

In Node, pass the proxy explicitly with https-proxy-agent.

// heroku config:set HTTPS_PROXY=https://user:pass@eu-01.outboundgateway.com:8443

const { HttpsProxyAgent } = require('https-proxy-agent');

const agent = new HttpsProxyAgent(process.env.HTTPS_PROXY);

// Every request leaves through your fixed EU IP
const res = await fetch('https://api.partner.eu/data', {
  headers: { 'Authorization': 'Bearer ..' },
  agent,
});

Two EU IPs, no add-on dependency

Your account comes with two static IP addresses (for example 51.xx.xx.10 and 51.xx.xx.11). Both are in EU data centres owned by an EU company. If one proxy node is briefly unavailable, traffic shifts to the other automatically. No Heroku add-on involved, so you're not dependent on a third-party add-on provider's uptime.

📖 Want the longer version? Worked examples, error handling, and other languages are in the Python SSL Proxy Guide, Node.js Guide, and the rest of the docs.

EU company, GDPR by default, sovereign

OutboundGateway is an EU company. Heroku and its add-ons are not. That matters when your compliance team asks who handles your outbound traffic.

An EU company

OutboundGateway is incorporated and operated in the EU. Your proxy traffic is handled by a company within your regulatory jurisdiction, not a US provider behind a Heroku add-on.

GDPR by default

TLS passes straight through, so the proxy never decodes your API tokens or request payloads. Being an EU company means GDPR applies natively, with no cross-border data-transfer mechanism to negotiate.

Sovereign infrastructure

The proxy runs in EU data centres. Your Heroku dynos' outbound traffic leaves from European infrastructure, not from a US add-on provider's servers.

Portable beyond Heroku

If you migrate off Heroku later, your IPs follow you. The proxy is a config var, not a Heroku add-on, so it works on any platform you move to.

Why teams route Heroku through OutboundGateway

EU company

An EU-based provider, not a US add-on. GDPR applies natively, with no cross-border transfer to negotiate.

No add-on dependency

Set one heroku config:set. No add-on install, no third-party uptime to depend on, no dyno restart.

GDPR by default

TLS passthrough means the proxy never sees your traffic. Being an EU company means GDPR is the default, not an afterthought.

Survives Heroku wind-down

Heroku is in sustaining mode. OutboundGateway works on any platform, so your IPs follow you if you migrate.

Encrypted end to end

TLS passthrough means the proxy can't read your traffic. Tokens and request data stay private the whole way.

Flexible plans

Starting from €29/month. Flexible plans for every scale. Cancel anytime.

Give your Heroku dynos a sovereign EU egress

Replace your US add-on with an EU company. Set one config var and your outbound traffic routes through two fixed EU IPs, GDPR-compliant by default.

€29/month starter plan • 7-day refund policy • Direct founder support

Frequently asked questions

How is this different from QuotaGuard or Fixie on Heroku?

QuotaGuard and Fixie are both US companies. OutboundGateway is an EU company with GDPR compliance by default and sovereign EU infrastructure. If your compliance team needs an EU-based, EU-jurisdiction provider for your outbound proxy traffic, the US add-ons don't satisfy that requirement. You also avoid the add-on dependency entirely: it's just a heroku config:set, no add-on install.

Does this work alongside my existing Heroku add-ons?

Yes. Setting HTTPS_PROXY is independent of any Heroku add-on. You can run it alongside your existing add-ons and switch traffic over gradually, then remove the old add-on once you've confirmed the new IPs are whitelisted everywhere.

What happens if I migrate off Heroku later?

Your IPs follow you. Because OutboundGateway is a config var, not a Heroku add-on, the same HTTPS_PROXY value works on any platform you move to, whether that's a VPS, Kubernetes, or another PaaS. Your partners don't need to update their allowlists.

Still weighing it up?

Happy to talk through how a two-IP EU egress replaces your Heroku add-on, whether you're staying on Heroku or planning a migration.

Contact Our Founders →