BYOC — bring your own cloud
Running the data plane in your own cloud account, under your own keys, so raw telemetry never leaves your boundary.
What it is
BYOC (bring your own cloud) means the data-plane components run inside your cloud account, not ours. The components that touch raw, per-viewer telemetry live where your security boundary already is, encrypted under a KMS key you own.
Why it matters
Raw delivery telemetry can be sensitive — viewer sessions, IPs, content ids. BYOC keeps all of it in your account under your own customer-managed key (CMK). m-cdn's multi-tenant control plane only ever receives privacy-safe 5-minute summaries: no session id, no IP, no content id. Drill-downs route back through an outbound mTLS bridge to your raw store, audited per request.
How the boundary holds
The data plane opens an outbound-only mutual-TLS long-poll to the control plane — there are no inbound holes in your VPC, m-cdn never connects in. You set raw retention (7 days to 7 years); the control plane stores only aggregates. ML training samples are opt-in per request under a Data Sharing Addendum, scoped and revocable.
Standards & references
- ADR-022 — BYOC-pure analytics
docs/architecture/90_decisions/ADR-022 - ADR-134 — deployment models