Skip to content

Private Tenant

Private Tenant is a deployment option for organizations whose regulatory posture, data-classification rules, or internal security policy don't fit the multi-tenant SaaS. On a Private Tenant, Escape runs on dedicated infrastructure you can pin to a specific region and audit end-to-end.

What Dedicated Means

  • Dedicated database and object storage: your scan artifacts, issues, assets, and reports live on infrastructure allocated to your organization only. No data co-tenancy with other customers.
  • Dedicated scanner fleet: scanner workers run in pods labeled to your tenant. Scan traffic, auth material, and captured payloads don't leave your tenant's namespace.
  • Dedicated ingress and API surface: the Public API and the app UI are served from a tenant-scoped hostname with a TLS certificate you can pin.

Region Pinning

Private Tenants can be deployed in any of the Escape-supported regions:

  • EU (Paris, Frankfurt)
  • US (N. Virginia, Oregon)
  • Singapore, Sydney

Additional regions on request. Region pin is strict: every datum, scan log, and generated artifact stays in the region you picked.

Who Should Look at This

Typical triggers:

  • Data residency obligations (GDPR Article 44, German IT security law, French Cloud de confiance).
  • Sector-specific rules (HIPAA-adjacent deployments, financial regulators requiring customer data segregation).
  • Internal policies that prohibit security-finding storage on shared multi-tenant systems.

If any of those apply, Private Tenant is the fit.

How to Get Started

Private Tenant is sold per organization with its own onboarding. Contact your account team, or write to support@escape.tech if you'd like an architecture review for your compliance program. The onboarding covers region, region failover, SSO identity provider, scanner concurrency caps, and audit-log export.

See also Rotating Keys for the key-management posture on Private Tenants, and Privacy and Security for the broader data-handling model.