Three models. No vendor lock-in. No requirement to move data to assess it.
Deploy into your own AWS, Azure, or GCP account. Your networking, your IAM, your storage. No production data routed to vendor infrastructure.
Run inside a private data centre or restricted network segment. No internet dependency at runtime. For teams where operational data egress is ruled out by policy.
Embed the detection and policy layer directly into an existing pipeline or product when a standalone deployment is not the right fit.
The technical review covers deployment boundaries, source types, and what a narrow pilot in your environment would actually involve.