Version: 6.0 · Effective Date: June 15, 2026 · Last Updated: June 15, 2026
EXECUTIVE SUMMARY
brainCloud supports multiple deployment models designed to meet the operational, security, compliance, sovereignty, performance, and infrastructure requirements of customers ranging from independent developers to global publishers and enterprise organizations.
brainCloud currently supports two primary deployment models: Public BaaS and Customer-Owned Deployment (Private License / BYOC).
A key differentiator of the brainCloud platform is that Customer-Owned Deployments are generally not customer-operated deployments. Under Customer-Owned Deployments, customers typically own the cloud account, own cloud resources, pay cloud service costs, and control infrastructure residency, while brainCloud typically deploys the platform, operates the platform, performs DevOps activities, applies updates, applies security patches, performs monitoring, provides support, and performs maintenance.
Enterprise customers frequently require clarity regarding ownership, operational responsibilities, security obligations, compliance responsibilities, and support boundaries associated with cloud-hosted services. This Deployment Responsibility Matrix is intended to provide transparency regarding those responsibilities and support procurement, architecture, security, compliance, and operational review activities.
This document is intended to support procurement reviews, security reviews, architecture reviews, compliance reviews, enterprise evaluations, contract negotiations, and operational planning.
This document should be read together with the brainCloud Trust Center, Security Overview, Privacy Policy, Data Processing Agreement, Service Level Agreement, Public BaaS Support Agreement, and Subprocessor List.
The purpose of this document is to clearly define operational responsibilities associated with each deployment model and reduce ambiguity regarding infrastructure ownership, platform operations, security responsibilities, compliance obligations, and customer responsibilities.
This document is intended to answer common questions including who owns the cloud account, who performs operating system patching, who performs monitoring, who responds to incidents, who performs backups, who is responsible for compliance, who owns customer data, and what BYOC means in the context of brainCloud deployments.
This document applies to Public BaaS Deployments and Customer-Owned Deployments, including Private License and BYOC deployments, unless otherwise specified in applicable agreements.
This document provides general guidance and may be supplemented or modified by Statements of Work, Support Agreements, Professional Services Agreements, managed services arrangements, and other commercial agreements.
Under the Public BaaS model, brainCloud owns, hosts, operates, secures, and maintains the infrastructure used to provide Services. Customers consume the Services through the shared brainCloud platform.
Under the Customer-Owned Deployment model, customers own or control the cloud account and associated cloud infrastructure. brainCloud deploys and operates the platform within the customer-controlled cloud environment.
Customer-Owned Deployments should not be interpreted as customer-operated deployments. Unless otherwise agreed, brainCloud remains responsible for operational management of the brainCloud platform itself.
brainCloud’s deployment model is designed to separate infrastructure ownership from platform operations. This allows customers to maintain infrastructure ownership and governance while benefiting from brainCloud’s operational expertise, platform knowledge, and managed service capabilities.
Responsibilities generally fall into five categories:
| Category | Description |
|---|---|
| Infrastructure | Cloud resources, networking, storage, compute |
| Platform | brainCloud software and services |
| Security | Monitoring, patching, governance, incident response |
| Privacy & Compliance | Regulatory and data protection obligations |
| Applications | Customer-developed software and integrations |
Certain activities require cooperation between brainCloud and Customers, including incident response, compliance activities, privacy requests, security reviews, disaster recovery activities, and regulatory requests.
Specific responsibilities may vary based upon Support Plans, commercial agreements, Statements of Work, Professional Services Agreements, managed services agreements, or other custom enterprise arrangements.
Responsibility Matrix Legend:
| Term | Meaning |
|---|---|
| brainCloud | brainCloud is primarily responsible |
| Customer | Customer is primarily responsible |
| Shared | Responsibility is shared between both parties |
| N/A | Not applicable |
| Responsibility | Public BaaS | Customer-Owned Deployment |
|---|---|---|
| Cloud Provider Selection | brainCloud | Customer |
| Cloud Account Ownership | brainCloud | Customer |
| Cloud Service Costs | brainCloud | Customer |
| Compute Resources | brainCloud | Customer |
| Storage Resources | brainCloud | Customer |
| Network Resources | brainCloud | Customer |
| DNS Ownership | brainCloud | Customer |
| TLS / Certificate Management | brainCloud | Shared |
| Infrastructure Capacity Planning | brainCloud | Shared |
| Infrastructure Operations | brainCloud | brainCloud |
| Infrastructure Monitoring | brainCloud | brainCloud |
Infrastructure ownership and platform operations are intentionally separated within Customer-Owned Deployments. While customers own cloud resources and cloud accounts, brainCloud generally performs infrastructure operations necessary to support the platform.
brainCloud generally performs operational management activities necessary to support platform availability and reliability.
| Responsibility | Public BaaS | Customer-Owned Deployment |
|---|---|---|
| Operating System Installation | brainCloud | brainCloud |
| Operating System Hardening | brainCloud | brainCloud |
| Operating System Patching | brainCloud | brainCloud |
| Container Platform Operations | brainCloud | brainCloud |
| Infrastructure Configuration | brainCloud | brainCloud |
| Deployment Automation | brainCloud | brainCloud |
| Platform Monitoring | brainCloud | brainCloud |
| Platform Logging | brainCloud | brainCloud |
brainCloud generally maintains responsibility for the operational integrity of the platform stack regardless of deployment model.
Operating system and platform infrastructure responsibilities may vary if a custom enterprise arrangement expressly assigns responsibilities differently.
| Responsibility | Public BaaS | Customer-Owned Deployment |
|---|---|---|
| brainCloud Software | brainCloud | brainCloud |
| Platform Releases | brainCloud | brainCloud |
| Platform Updates | brainCloud | brainCloud |
| Security Updates | brainCloud | brainCloud |
| Bug Fixes | brainCloud | brainCloud |
| Feature Releases | brainCloud | brainCloud |
| Operational Support | brainCloud | brainCloud |
brainCloud retains responsibility for platform software across all deployment models. Platform updates, bug fixes, enhancements, security improvements, and maintenance activities are managed by brainCloud subject to applicable agreements.
Platform software remains a brainCloud responsibility regardless of whether infrastructure is owned by brainCloud or the Customer.
| Responsibility | Public BaaS | Customer-Owned Deployment |
|---|---|---|
| Security Governance | brainCloud | Shared |
| Vulnerability Management | brainCloud | brainCloud |
| Security Monitoring | brainCloud | brainCloud |
| Security Logging | brainCloud | brainCloud |
| Security Patching | brainCloud | brainCloud |
| Incident Detection | brainCloud | brainCloud |
| Incident Response | Shared | Shared |
| Customer IAM Policies | Customer | Customer |
| User Authentication Configuration | Customer | Customer |
| End User Security | Customer | Customer |
| Customer Security Configuration | Customer | Customer |
Security is a shared responsibility. brainCloud secures the platform while customers remain responsible for their applications, users, credentials, integrations, and business processes.
Incident response activities generally require cooperation between brainCloud and Customers. Roles and responsibilities may vary depending upon the nature of the incident and deployment model.
brainCloud maintains platform security controls, governance processes, operational safeguards, and security policies intended to support secure operation of Services. Customers remain responsible for security obligations associated with their applications, users, credentials, business processes, and regulatory requirements.
Incident response activities generally require cooperation between brainCloud and Customers. brainCloud may lead platform-level investigation and remediation, while Customers may be required to assist with application-level investigation, end-user communications, regulatory analysis, or customer-controlled infrastructure activities.
| Responsibility | Public BaaS | Customer-Owned Deployment |
|---|---|---|
| Encryption Standards | brainCloud | brainCloud |
| Encryption in Transit | brainCloud | brainCloud |
| Encryption at Rest | brainCloud | brainCloud |
| TLS Configuration | brainCloud | Shared |
| Cryptographic Controls | brainCloud | brainCloud |
| Certificate Management | brainCloud | Shared |
| Key Storage | brainCloud | Customer |
| Customer KMS Administration | N/A | Customer |
brainCloud utilizes cryptographic technologies intended to protect information during storage and transmission. Responsibility for encryption technologies and key management varies depending upon deployment model and the specific cloud services utilized.
brainCloud remains responsible for platform-level cryptographic implementations and operational integration of cryptographic services. Where customer-controlled key management systems are utilized, Customers remain responsible for administration, governance, and lifecycle management of those systems.
| Responsibility | Public BaaS | Customer-Owned Deployment |
|---|---|---|
| Backup Operations | brainCloud | brainCloud |
| Backup Scheduling | brainCloud | brainCloud |
| Recovery Procedures | brainCloud | brainCloud |
| Restoration Activities | brainCloud | brainCloud |
| Backup Storage Costs | brainCloud | Customer |
| Disaster Recovery Planning | Shared | Shared |
| Business Continuity Planning | Shared | Shared |
| Recovery Testing | Shared | Shared |
brainCloud maintains operational practices intended to support resilience, recovery, and service continuity. Backup methods, schedules, retention periods, and recovery capabilities may vary depending upon deployment model, support plan, and applicable commercial agreements.
brainCloud generally performs platform backup and recovery operations. Customers may be required to participate in recovery efforts involving customer-owned infrastructure, cloud-provider services, third-party integrations, or customer-controlled systems.
| Responsibility | Public BaaS | Customer-Owned Deployment |
|---|---|---|
| DPA Compliance Support | brainCloud | brainCloud |
| Data Processing Controls | Shared | Shared |
| Privacy Notices | Customer | Customer |
| Legal Basis for Processing | Customer | Customer |
| End User Consents | Customer | Customer |
| Data Subject Requests | Shared | Shared |
| Data Classification | Customer | Customer |
| Customer Content | Customer | Customer |
| Customer Data Ownership | Customer | Customer |
brainCloud supports customer privacy obligations through technical, operational, and administrative safeguards. Privacy compliance remains a shared responsibility.
Customer Content and Customer Data remain under Customer ownership and control subject to applicable agreements. brainCloud provides platform capabilities intended to support customer privacy and compliance obligations.
| Responsibility | Public BaaS | Customer-Owned Deployment |
|---|---|---|
| Customer Application Code | Customer | Customer |
| Cloud Code Logic | Customer | Customer |
| SDK Integration | Customer | Customer |
| Authentication Configuration | Customer | Customer |
| Third-Party Integrations | Customer | Customer |
| AI Feature Configuration | Customer | Customer |
| Business Logic | Customer | Customer |
| Content Moderation Decisions | Customer | Customer |
Customers remain responsible for applications, business logic, integrations, and platform configuration decisions. brainCloud provides backend services and platform capabilities.
Customers remain responsible for ensuring that their use of third-party integrations and AI-enabled functionality complies with applicable laws, contractual obligations, and internal policies.
| Responsibility | Public BaaS | Customer-Owned Deployment |
|---|---|---|
| Platform Security Policies | brainCloud | brainCloud |
| Customer Compliance Programs | Customer | Customer |
| Customer Regulatory Compliance | Customer | Customer |
| Regulatory Compliance Activities | Shared | Shared |
| GDPR Compliance Activities | Shared | Shared |
| UK GDPR Compliance Activities | Shared | Shared |
| Quebec Law 25 Compliance Activities | Shared | Shared |
| COPPA / Children’s Privacy Activities | Shared | Shared |
| Audit Responses | Shared | Shared |
Compliance activities require cooperation between brainCloud and Customers. brainCloud provides platform-level controls intended to support customer compliance obligations, but Customers remain responsible for determining their applicable legal, regulatory, industry-specific, and internal governance requirements.
Enterprise customers may request information regarding platform controls, operational practices, and security measures. Responses may be governed by applicable agreements, confidentiality obligations, and operational considerations.
brainCloud may provide information regarding platform security controls, operational practices, and governance processes to support customer due diligence activities. Customers remain responsible for determining whether such information satisfies their regulatory, contractual, or organizational requirements.
The Customer owns and controls the cloud account.
For Public BaaS deployments, cloud costs are generally borne by brainCloud. For Customer-Owned Deployments, cloud costs are generally borne by the Customer.
No. Customer-Owned Deployments generally remain operationally managed by brainCloud unless otherwise agreed.
brainCloud generally performs platform updates, upgrades, bug fixes, and security patching across all deployment models.
brainCloud generally performs platform backup and recovery operations. Specific recovery capabilities may vary based on deployment model and commercial arrangements.
Customers retain ownership and control of customer content and customer data subject to applicable agreements.
In Public BaaS, brainCloud generally manages platform key storage and cryptographic controls. In Customer-Owned Deployments, Customers may control cloud-native key management systems depending upon architecture and agreement.
brainCloud generally performs platform vulnerability remediation. Customers remain responsible for vulnerabilities in their own applications, integrations, and business processes.
brainCloud generally performs platform security monitoring in both deployment models.
brainCloud manages cloud-provider relationships for Public BaaS. Customers generally manage cloud-provider relationships for Customer-Owned Deployments.
Certificate responsibilities may be shared depending upon deployment architecture, DNS ownership, and customer-controlled infrastructure arrangements.
Applicable agreements govern termination, transition, access, and support obligations. Customer-Owned Deployments may require transition planning due to customer-owned infrastructure.
Direct infrastructure access depends upon the applicable agreement, support model, security requirements, and operational considerations.
For Customer-Owned Deployments, customers may select supported cloud providers subject to brainCloud technical requirements and commercial agreement.
Customer-Owned Deployments may support data residency requirements depending upon cloud provider, architecture, and applicable agreement.
Ownership of cloud resources does not automatically transfer operational responsibility for the platform.
brainCloud secures the platform. Customers secure their applications, users, business processes, and operational decisions.
brainCloud provides platform capabilities and safeguards. Customers remain responsible for determining the legality of their processing activities.
Both parties play important roles in supporting applicable compliance obligations.
This principle represents one of the primary differentiators of the brainCloud deployment model. Customers receive infrastructure ownership and flexibility while brainCloud continues to provide operational expertise and managed platform services.
brainCloud’s deployment model is intended to allow customers to focus on application development while brainCloud performs platform operational activities.
Appendix A – Public BaaS Example
A customer deploys a game using the shared brainCloud platform. brainCloud owns the cloud account, pays the cloud service costs, operates the infrastructure, performs monitoring, applies platform updates, applies security patches, manages platform backups, and provides operational support according to applicable agreements.
The customer remains responsible for application code, cloud code logic, gameplay functionality, end-user relationships, customer content, privacy notices, legal bases for processing, compliance obligations, third-party integrations, and application-specific security decisions.
Appendix B – Customer-Owned Deployment Example
A customer owns an AWS, Azure, or Google Cloud account and pays the associated cloud service costs. brainCloud deploys the brainCloud platform into the customer-controlled cloud environment and generally performs platform operations, DevOps activities, monitoring, patching, upgrades, maintenance, backups, restoration activities, and support according to applicable agreements.
This model allows the customer to maintain infrastructure ownership, data residency control, cloud-provider governance, and cloud account visibility while allowing brainCloud to operate and maintain the platform.
Appendix C – Enterprise Review Questions
Customers seeking additional information should review the Security Overview, Trust Center, Data Processing Agreement, Service Level Agreement, Public BaaS Support Agreement, and Subprocessor List. These documents provide additional information regarding security governance, privacy obligations, operational controls, support commitments, service availability, and vendor management.
DISCLAIMER
This Deployment Responsibility Matrix is provided solely for informational purposes.
Nothing contained in this document creates contractual commitments, warranties, certifications, service level guarantees, operational commitments, or representations beyond those expressly set forth in applicable agreements.
Specific responsibilities may vary based upon deployment model, contractual commitments, Statements of Work, Support Agreements, Professional Services Agreements, or custom enterprise arrangements.
In the event of any conflict between this document and an applicable agreement, the applicable agreement shall govern.
brainCloud may update this document from time to time as technologies, operational practices, legal requirements, and deployment models evolve.
We’ll get back to you as soon as we can.
