Pathnovo deploys across the full spectrum: cloud SaaS, customer-managed cloud (BYOC on Azure or AWS), and sovereign / regional residency (Azure UAE North, AWS Riyadh, Azure India Central, Azure Singapore, AWS Frankfurt). Customer-managed keys (BYOK), IEC 62443 alignment, ISO 27001 in flight, SOC 2 Type II in flight. For most EPC and owner-operator buyers, sovereign cloud + BYOK matches air-gapped security at half the cost. For sanctions-restricted or classified deployments where air-gapped is genuinely required, Pathnovo's customer-managed cloud option closes the gap without requiring a hardware appliance.
Cloud SaaS for the fastest time-to-value (most clients land here). Customer-Managed Cloud (BYOC) deployed in your own Azure or AWS tenant for sovereignty + sanctions + air-gapped requirements. Sovereign Region deployment with data residency in Azure UAE North, AWS Riyadh, Azure India Central, Azure Singapore, or AWS Frankfurt EU. Same product, three commercial models.
Choose where your engineering data physically resides: Azure UAE North (Aramco / ADNOC ecosystem), AWS Middle East (Bahrain) and AWS Riyadh, Azure India Central (Indian PSU + EPC compliance), Azure Singapore + AWS Singapore (SE Asia EPC), AWS Frankfurt EU (European GDPR scope). Compliance is built into the deployment selection, not a post-deployment retrofit.
Bring your own key from Azure Key Vault, AWS KMS, HashiCorp Vault, or Google Cloud KMS. Pathnovo's encryption-at-rest and encryption-in-transit architecture lets customers retain root key control. Revocation = immediate access termination. For sanctions-sensitive and classified deployments where data sovereignty is non-negotiable, this is the standard.
Pathnovo's architecture is IEC 62443 (industrial cybersecurity) aligned, with ISO/IEC 27001 certification in flight (target Q4 2026) and SOC 2 Type II audit in flight (target H1 2027). Cloud deployments inherit Azure / AWS native compliance certifications. Customer-managed deployments inherit your own enterprise security controls.
Genuine air-gapped requirements: defense-adjacent O&G, sanctions-restricted (Iran / Iraq / Russia / Cuba) operators, and classified facilities. For these narrow segments (~5% of EPC market), Pathnovo's customer-managed cloud deployment in an air-gapped Azure / AWS Stack environment matches Levian-style hardware appliance security without requiring physical hardware shipment. For the other 95% (Indian PSU + Gulf NOC + global EPC), sovereign cloud + BYOK delivers equivalent security at half the total cost of ownership.
Hardware appliance approach (Levian-style): hardware capex + on-prem infrastructure + maintenance contracts + on-site support + air-gapped network management. Total 3-year TCO typically 2-3x sovereign cloud equivalent. Pathnovo's sovereign cloud deployment delivers the same security posture for sanctions-compliant buyers (excluding genuinely classified workloads) at materially lower total cost.
Hosted in Azure (default region: Azure West Europe / Azure East US for global scope; Azure UAE North / Azure India Central by selection). 99.9% uptime SLA. Microsoft Defender + Azure native security controls. ~95% of Pathnovo customers deploy on this tier.
Pathnovo deploys into your own Azure or AWS tenant. Your subscription, your security perimeter, your network controls, your key management. Pathnovo manages the application; you manage the infrastructure. Suitable for tier-1 owner-operators with strict cloud-vendor approved-list requirements.
Locked to a specific cloud region for data residency compliance: Azure UAE North, AWS Riyadh, Azure India Central, Azure Singapore, AWS Frankfurt EU. Data never leaves the region. Audit reports confirm region-locked storage, processing, and backup.
Pathnovo deployed inside customer's air-gapped Azure Stack Hub or AWS Outposts environment for genuine air-gapped requirements. No internet egress; no telemetry; no auto-updates without customer-controlled patch windows. Compliance-aligned to defense / sanctions-restricted use cases.
Pathnovo extraction processing in customer-managed cloud + Pathnovo platform management from Pathnovo SaaS environment. Useful for clients wanting data sovereignty for processing while accepting Pathnovo SaaS for tooling, monitoring, and support.
Deployment-tier-specific audit reports: SOC 2 (when complete), ISO 27001 (when complete), IEC 62443 alignment statement, region-locked data flow attestations, BYOK key-management policy documentation, and regulatory-region-specific compliance reports (UAE NESA, Saudi NCA, Indian CERT-In, EU GDPR Article 28).
Indian PSU refinery (IOCL / BPCL / HPCL): Azure India Central deployment with BYOK + IBR / OISD / PESO / CCOE compliance overlay
Aramco / ADNOC ecosystem operator: Azure UAE North or AWS Riyadh deployment with data residency in Saudi Arabia or UAE
Tier-1 oil major with strict approved-cloud-vendor list: customer-managed BYOC in client's existing Azure or AWS tenant
Sanctions-restricted operator (Iran / Iraq / Russia adjacent): air-gapped customer-managed deployment in Azure Stack Hub or AWS Outposts
European GDPR-scoped owner-operator: AWS Frankfurt EU deployment with EU-only data residency attestation
Singapore-based regional EPC: Azure Singapore deployment for SE Asia + Indonesia + Malaysia + Thailand project portfolios
Indian DPDP Act 2023 compliant deployment: Azure India Central + Indian PSU rate-card + IBR Form IV automation
Multi-region owner-operator portfolio: hybrid deployment with Indian regional data in Azure India Central, Gulf data in Azure UAE North, EU data in AWS Frankfurt
Yes, in two ways. (1) Customer-managed cloud (BYOC): Pathnovo deployed inside your own Azure or AWS tenant, you manage the infrastructure, Pathnovo manages the application. (2) Air-gapped customer-managed: deployed inside Azure Stack Hub or AWS Outposts in your air-gapped environment with no internet egress. Genuine on-premise (bare-metal hardware appliance) is not Pathnovo's deployment model; for that narrow segment Pathnovo's customer-managed cloud + BYOK matches the security posture at lower TCO.
Configurable per deployment tier. Cloud SaaS default: Azure West Europe or East US (selectable). Sovereign region selection: Azure UAE North, AWS Riyadh, AWS Bahrain, Azure India Central, Azure Singapore, AWS Singapore, AWS Frankfurt EU. Customer-managed (BYOC): wherever your own Azure or AWS tenant is provisioned. Audit reports confirm region-locked storage, processing, and backup attestations per deployment tier.
Yes. BYOK is the standard for customer-managed cloud and sovereign region deployments. Pathnovo's encryption architecture supports key management from Azure Key Vault, AWS KMS, HashiCorp Vault, and Google Cloud KMS. Customers retain root key control: revocation = immediate access termination. For tier-1 owner-operators and Indian PSU + Gulf NOC clients with sanctions-sensitive workloads, BYOK is the standard configuration.
Pathnovo's architecture is aligned to IEC 62443 (industrial cybersecurity) controls. Full IEC 62443 certification is in flight per the Pathnovo compliance roadmap (target H2 2027). For customers requiring IEC 62443-aligned deployment immediately, the customer-managed cloud (BYOC) tier inherits your own IEC 62443 compliance regime. For sanctions-restricted defense-adjacent deployments, the air-gapped customer-managed tier provides the network-segregation foundation that IEC 62443 zones-and-conduits architecture requires.
Saudi Arabia: AWS Riyadh region. UAE: Azure UAE North. Bahrain: AWS Bahrain. India: Azure India Central (Mumbai / Pune dual-zone). Singapore: Azure Singapore + AWS Singapore. EU: AWS Frankfurt + Azure West Europe. Each region's deployment is locked to that region for storage, processing, and backup. Region-specific compliance attestations (Saudi NCA, UAE NESA, Indian CERT-In + DPDP Act 2023, EU GDPR Article 28, Singapore PDPA) included in deployment documentation.
Levian's Levian Box is a hardware appliance shipped to customer site for genuinely air-gapped P&ID MTO deployment. For sanctions-restricted (Iran / Iraq / Russia adjacent) and classified-facility deployments where physical air-gap is contractual, Levian's approach is valid. For the 95% of EPC market that needs sovereignty + BYOK + region-locked data residency without genuine air-gap, Pathnovo's customer-managed cloud (BYOC) or sovereign region deployment delivers equivalent security at materially lower total cost (no hardware capex, no on-prem infrastructure, no maintenance contracts). See /alternatives/levian and /compare/pathnovo-vs-levian for detail.
Three narrow segments: (1) Defense-adjacent O&G operators (e.g. nuclear-adjacent process facilities, military fuel depots, strategic petroleum reserves with classified perimeter); (2) Sanctions-restricted operators where internet connectivity to non-allowed jurisdictions is prohibited (Iran, Iraq, Russia, Cuba, North Korea per OFAC + EU sanctions lists); (3) Classified-facility deployments under government security regimes (Saudi NCA-Top Secret, Indian CCA-Restricted, US ITAR-Controlled). For all three, Pathnovo's air-gapped customer-managed deployment in Azure Stack Hub or AWS Outposts is the recommended approach. For everyone else, sovereign cloud + BYOK is sufficient and materially cheaper.
Cloud SaaS (default): standard credit-based tier pricing (Starter ₹40,000/$1,200 per month for 1,000 credits, Professional ₹1,75,000/$5,500 for 5,000 credits, Scale from ₹6,50,000/$20,000 for 25,000 credits, Enterprise custom). Customer-managed cloud (BYOC): same tier pricing PLUS your own Azure / AWS infrastructure cost (typically $2,000-$15,000 / month depending on volume). Sovereign region: same tier pricing with no additional infrastructure cost (Pathnovo absorbs the regional Azure / AWS cost). Air-gapped customer-managed (Enterprise tier only): tier pricing PLUS Azure Stack Hub or AWS Outposts infrastructure cost (typically $25,000-$80,000 / month depending on scale). Indian PSU rate-card compatible across all tiers.
Pricing
Per-document pricing unchanged across tiers; deployment infrastructure varies. Cloud SaaS default; BYOC + Sovereign region available on request.
Learn more
Pillar
AIM register that runs on the deployment tier you select; same data, different residency.
Learn more
Pillar
Core extraction capability available across all four deployment tiers.
Learn more
Pillar
Live with McDermott. Available in any deployment tier the customer requires.
Learn more
Compliance
IBR + OISD + PESO + CCOE deployable in Azure India Central with BYOK + Indian PSU rate-card.
Learn more
Region
Azure India Central data residency, Indian DPDP Act 2023 compliant, IBR / OISD / PESO / CCOE overlay.
Learn more
Region
Azure UAE North + AWS Riyadh + AWS Bahrain regional residency for ADNOC / Aramco / Petronas / KOC ecosystems.
Learn more
Region
Azure Singapore + AWS Singapore for SE Asia + Indonesia + Malaysia + Thailand portfolios.
Learn more
Alternative
Hardware appliance vs sovereign cloud + BYOK comparison. 95% of buyers fit cloud-tier sovereignty.
Learn more
Alternative
AIM platforms lock customers into vendor-controlled cloud. Pathnovo offers BYOC + sovereign alternatives.
Learn more
Alternative
Cognite SaaS-only deployment; Pathnovo offers BYOC + sovereign region for tier-1 owner-operators.
Learn more
Alternative
IPS SaaS-only; Pathnovo's deployment flexibility is a procurement advantage at tier-1 buyers.
Learn more
Compare
Cloud + BYOC + sovereign vs hardware appliance: TCO + security comparison.
Learn more
Integration
Pathnovo deployment tier feeds AVEVA Connect ingestion regardless of which AIM region the customer chose.
Learn more
Integration
Same pattern for Hexagon SDx2 + SmartPlant Foundation customers.
Learn more
Engineering data has three things that drive deployment requirements: (1) regulatory residency, plant data falls under regional sovereignty (UAE NESA, Saudi NCA, Indian DPDP Act, EU GDPR), (2) IP sensitivity, P&IDs and isometrics encode capital-intensive engineering decisions buyers want to control, (3) sanctions exposure, some operators legally cannot use cloud services connected to non-allowed jurisdictions. A single deployment model (e.g. cloud SaaS only, or hardware appliance only) excludes large segments of the buyer pool. Pathnovo's three-tier deployment model (Cloud SaaS, Customer-managed BYOC, Sovereign region, plus air-gapped variant) addresses all three drivers without forcing buyers into a deployment that does not fit their compliance reality. Multi-competitor moat: Levian (hardware-only) excludes 95% of the market; IPS / Acuvate / Outerport (cloud-only) exclude sanctions-restricted segments; AVEVA Connect / Cognite (vendor-controlled cloud) exclude BYOC-required tier-1 operators. Pathnovo covers all of them.
For Indian PSU refineries (IOCL, BPCL, HPCL, ONGC, GAIL) and Indian EPC contractors (L&T Hydrocarbon, Tata Projects, Petrofac India, Toyo Engineering India): Azure India Central (default sovereign region). Indian DPDP Act 2023 compliance requires data residency in India for personal data; Pathnovo's engineering data does not contain regulated personal data, but Indian PSU procurement standards still expect Indian residency for sensitive plant designs. Azure India Central + BYOK + Indian PSU rate-card is the standard Indian deployment. CERT-In incident reporting is supported via the Azure India Central regional security operations centre. See /compliance/indian-epc-compliance-bundle for the regulatory overlay that runs on top of this deployment.
For Saudi Arabia (Aramco ecosystem): AWS Riyadh region. Aramco's IT-1100 cybersecurity standard expects in-Kingdom data residency for plant data; AWS Riyadh launched 2024 specifically to address this. For UAE (ADNOC ecosystem): Azure UAE North (Abu Dhabi + Dubai dual-zone). UAE's NESA / TDRA Cybersecurity Strategy expects in-country residency for critical infrastructure data. For Qatar (QatarEnergy): currently AWS Bahrain or Azure UAE North until QatarEnergy approves a local region; in-Kingdom hosting roadmap pending. For Bahrain / Oman / Kuwait: AWS Bahrain or Azure UAE North per regional preference. BYOK is standard across all Gulf deployments. See /regions/uae-middle-east for the regional context.
Three scenarios. (1) Customer's enterprise IT policy mandates that all SaaS-class workloads run inside the customer's own approved cloud tenant (typical at tier-1 oil majors, multinational chemical operators, large utilities). (2) Customer has invested in their own cloud security stack (Microsoft Defender, AWS Security Hub, custom IAM, custom network segmentation) and wants Pathnovo to inherit it rather than relying on Pathnovo's SaaS security perimeter. (3) Customer's sanctions exposure or M&A integration timing makes vendor-controlled cloud uncomfortable. For all three, BYOC is the recommended deployment. Per-document pricing is unchanged; customer absorbs the Azure / AWS infrastructure cost.
AVEVA Connect: AVEVA-controlled cloud only. No BYOC, limited regional residency. Cognite Data Fusion: Cognite-controlled cloud only. Hexagon SDx2: vendor-controlled cloud (Azure-based, regional selection limited). All three lock buyers into vendor-controlled cloud architectures. Pathnovo's three-tier model (Cloud SaaS + BYOC + Sovereign region + air-gapped variant) is materially more flexible. For tier-1 owner-operators evaluating AIM platforms, this is a meaningful procurement-channel differentiator: Pathnovo can sit upstream of AVEVA / Cognite / Hexagon while honouring the customer's deployment-tier requirements that the AIM platforms themselves cannot satisfy.
Send us 10 documents from your current project. We extract, reconcile, and show you exactly what we find in 48 hours, before any contract.
If the accuracy isn't what we promised, you owe us nothing.
Connect with Pathnovo to discuss your engineering document intelligence needs.
Email: hello@pathnovo.com
Send us a message, and we'll get back to you shortly.
You can also stay connected through our official social media channels.
Our Offices
Bangalore Office
Unit 101, OXFORD TOWERS 139, Old HAL Airport Rd, Kodihalli, Bengaluru, Karnataka 560008