
Trusted by regulated enterprises
Fortune 500 US Bank
Zero public internet exposure
Leading Healthcare Data Platform
67.5 TB migrated, zero compliance gaps
US State IT Services Provider
Public sector compliance on Azure
One architectural decision shapes everything else. Tessell runs the same platform across a choice of deployment options, so you decide how much we manage and how much stays entirely within your perimeter, down to your own cloud account.
The data plane runs inside your own cloud account, under your encryption keys and your network policies. Tessell's control plane manages operations from outside your perimeter. Your data never leaves your account.
Best for regulated enterprises and governments with strict data sovereignty requirements.

Data sovereignty is not a single feature. It is what becomes possible when the data plane runs in your own account: your keys, your network, and your existing security stack all stay in your hands.

With VPT@Customer, the data plane runs inside your own cloud account. Tessell manages operations through a scoped service principal limited to specific resource groups, with private-only connectivity and no public internet exposure. Tessell never holds your data.

Encryption keys stay under your control through your own KMS or Key Vault. Databases deploy into your own network topology with your security policies applied. Tessell operates within the boundaries you define, never around them.

Tessell connects to your existing monitoring, security, and analytics stack rather than asking you to adopt a new one. Vulnerability scanning, log management, and observability flow into the tools your teams already operate, with enterprise authentication through your directory.
Tessell maintains the certifications and attestations enterprise security and procurement teams evaluate first. Because your data plane runs inside your own account, your databases operate within your compliance perimeter - under your controls, your audit trail, and your governance.

PCI DSS v4.1
Privacy information management

ISO 27001
Information security management

ISO/IEC 27701
Privacy information management

SOC 2
Security, availability & confidentiality controls
For one of the largest banks in the US, moving database operations to the cloud could not mean moving data out of its control. With VPT@Customer, it didn't have to.

Keeping data in your perimeter is one part of a larger architecture. Tessell's Governance and Control brings all three together.
Provisioning standards, access controls, and Data Access Policies - including masking sensitive data before it reaches lower environments - applied structurally across the estate.
Explore Policy EnforcementPer-database cost attribution across compute, storage, licensing, and backup - so the estate you have secured is also the estate you can fully optimize.
Explore Cost Visibility
Talk through the VPT@Customer architecture with a Tessell security architect, or request a security review that maps Tessell to your specific compliance and data sovereignty requirements.