
Tessell runs every database inside your own cloud account, secured with your keys. Your data never leaves your perimeter.
Most managed database services ask you to move your data into their environment. Tessell does the opposite. Your databases run where your data already lives, under governance you already control.
Tessell separates the management layer from the data layer. The control plane runs in Tessell's cloud and holds only metadata about your services. The data plane runs in your cloud account and holds everything else. Because your data never flows to Tessell, Tessell acts as a tool you operate, not a processor. You stay in control of what runs, where it runs, and who can reach it.
The same controls apply across every engine and every cloud you run
All traffic is secured with TLS, enforced at a minimum of TLS 1.2, using strong cipher suites for every connection.
Databases and backups are encrypted at rest with cloud-native encryption. Bring your own customer-managed keys through AWS KMS or Azure Key Vault.
Keep control-plane to data-plane traffic off the public internet with AWS PrivateLink and Azure Private Link.
Multi-factor authentication, role-based access with least privilege, and SSO through Okta, Google, or Microsoft Entra ID, with revocable tokens.
Choose where every database runs and in which region, and keep the keys, images, and tooling that go with it. Data stays in the account and region you select, and nothing is copied out to run the platform. And bring your own:
The same rigor applies to our people, our code, and our infrastructure, every day, not just at audit time.
Tessell maintains the certifications enterprise security teams look for, in production across financial services, energy, healthcare, and government.

SOC 2 Type II
AICPA Service Organization Control. Validates security controls operating effectively over time. Report available on request.

PCI DSS v4.1
Payment Card Industry Data Security Standard, aligned to the current v4.1 requirements.

ISO/IEC 27001:2022
Information Security Management System. Passed the latest surveillance audit with zero non-conformities.

ISO/IEC 27701:2019
Privacy Information Management System. Extends ISO 27001 to privacy and PII handling.
Because your databases run inside your own account and your data stays under your governance, Tessell supports the compliance posture you already maintain, including GDPR, DORA, and PCI DSS, without taking custody of your data. Your residency, sovereignty, and access controls remain yours to define, cloud by cloud and region by region.
Fortune 500 companies, global banks, and government agencies trust Tessell with their most critical databases

Talk to a specialist. We will walk your team through the architecture, share our reports, and answer your security questions.