Bring your own cloud
Pinecone BYOC (Bring Your Own Cloud) lets you run a dedicated, fully-managed Pinecone region directly within your own cloud account. You get the security and control of a self-hosted solution, but keep the simplicity and hands-off experience of a fully managed SaaS product. All your data stays and is processed only in your cloud, ensuring complete data sovereignty—our team handles all operations for you, from deployment and maintenance to monitoring and updates.
Key Benefits
Full isolation
Separate control and data planes, with the data plane fully isolated in your own VPC.
Cost savings
Leverage existing pricing discounts, savings plans, and commitments.
Granular access
Control user access, set security and usage policies, and monitor users and workloads.
Security & compliance
Ensure sensitive data stays within your account and meets your data sovereignty requirements.
How it works
Every Pinecone deployment is composed of two main components:
Control Plane
Responsible for managing the index lifecycle, as well as operating all region-agnostic services such as user management, authentication, and billing. The control plane does not hold or process any records.
Data Plane
Responsible for storing and processing your records. It runs compute pods for executing vector similarity search queries and indexing operations, interacting with object storage to retrieve and persist index data.
With BYOC, the data plane deploys in a dedicated VPC within your AWS account, ensuring all data remains stored and processed locally within your organization's boundaries. For enhanced security, you can establish AWS PrivateLink private endpoints to protect data plane API calls.
SaaS vs BYOC Comparison
| Pinecone SaaS | Pinecone BYOC | |
|---|---|---|
| Managed service | ||
| Automatic updates | ||
| Namespace-level encryption | ||
| Private networking | ||
| Full audit logging | ||
| Environment type | Secure multi-tenant environment | Dedicated environment |
| Data storage | Encrypted and stored in a secure Pinecone environment | Encrypted and stored in the customer’s account |
| Region availability | Select regions | Any public AWS/GCP/Azure region |
FAQs
Start building knowledgeable AI today
Run a dedicated, fully-managed Pinecone region directly within your own cloud account.