Skip to main content
Milana can be deployed as a single-tenant install inside your own Google Cloud account — bring your own cloud (BYOC). Every session recording, your database, and the entire analytics pipeline run within your cloud and under your IAM, and the AI analysis runs on an Anthropic account that you own. Milana only operates the software. Milana offers three data-residency options, in increasing order of isolation:
  • Standard multi-tentant — fully Milana-managed.
  • BYO Storage (BYOS) — Milana-managed, but your session recordings stay in your own storage bucket.
  • BYO Cloud (BYOC) — the full data plane runs in your cloud (this page).
BYOC is currently available on Google Cloud Platform (GCP) only.

Architecture

A BYOC install runs in your own Google Cloud project and has three parts:
  1. Your data plane — every Milana service (ingest, app and API, encoding, transcription, background jobs), your database, your storage buckets, your analytics warehouse, and the event pipeline. All session data is created, processed, and stored here.
  2. Your Anthropic account — the AI agents that run the analysis. You bring the account and key; Milana authenticates with it on your behalf.
  3. Milana’s control plane — the software itself and the automation that deploys and updates it. It provisions your data plane but stores none of its data.

What leaves your cloud

To analyze sessions, Milana sends derived data — query details, session transcripts — to your Anthropic account, where the analysis agents run. The analysis agents run under your contract, billing, and retention settings.

Identity and access

  • Your users sign in through your own identity provider via SSO (OIDC / SAML). Milana issues no standing end-user credentials of its own.
  • Milana operator access is limited to deploying and operating the software. Any changes are made through least-privilege access that is visible in audit logs.
  • Turbopuffer operator access is limited to deploying and updating Turbopuffer. Turbopuffer holds no standing access to your database, storage, or warehouse, and any change is made through least-privilege access that is visible in audit logs.
  • Secrets — all provider keys and application secrets live only in your cloud’s secret manager. Milana never holds them.

Sub-processors

On a BYOC deployment, every provider that touches your session content runs either inside your cloud or on an account you own:
Sub-processorPurposeNotes
Google Cloud PlatformHosts your deploymentYour own project (incl. Vertex / Gemini, in-project)
TurbopufferVector search indexDeployed in your GCP project; data never leaves your cloud
AnthropicAI analysis agentsYour workspace and key; derived text only
ClerkSSO / identityIdentity claims only; never session content
Milana’s own operational sub-processors — for observability, feature management, transactional email, and internal identity — are listed in full at our trust center. On a BYOC deployment:
  • Braintrust is disabled
  • Resend is disabled
  • Posthog is disabled
  • Voyage is within-VPC (Vertex model garden)
All data is handled in accordance with SOC 2 guidelines. Milana is SOC 2 Type II certified, with controls monitored by Vanta.

Need help?

Contact help@getmilana.ai or your onboarding specialist to discuss a BYOC deployment.