What is bring-your-own-destination (BYOD)?
What BYOD means
Bring-your-own-destination is a pattern where the customer, not the vendor, decides where product events are delivered. Rather than picking from a short menu of integrations the vendor happened to build, the customer points your events at infrastructure they already operate, a storage bucket, a warehouse, a queue, a database, or a webhook endpoint, and authorizes delivery with credentials they manage.
The defining characteristic is ownership. The destination belongs to the customer. The credentials belong to the customer. The data lands in a system the customer controls and can audit. Your platform's job is to deliver reliably to that destination, not to own the storage or the access.
Why enterprise customers ask for it
Enterprise procurement consistently asks the same question: "Where does our data live, and who controls it?" Regulated and security-conscious buyers want events delivered into infrastructure they own, on credentials they manage and can revoke, with an audit trail they can produce on their own side. They do not want their compliance posture to depend on your storage decisions.
For a SaaS vendor, the alternative answers are both bad. "It's on the roadmap" loses deals to a vendor who already said yes. "We'll build you a one-off integration" commits engineering time to a single contract and sets a precedent that compounds with every subsequent enterprise customer. BYOD turns the request into a productized capability that uses the same code path for everyone.
How Pushrail supports BYOD
Pushrail makes bring-your-own-destination a first-class feature. The customer authorizes Pushrail to write to their bucket, queue, warehouse, or database with their own credentials. Those credentials are stored encrypted at rest, scoped to that customer's destination, and used to write events under the customer's identity rather than yours.
Tenant isolation is enforced at every layer: a credential belongs to one customer, a destination configuration belongs to one customer, and audit-log entries are scoped to one customer. A different customer in the same Pushrail tenant cannot see, use, or trigger writes against another customer's destination. Customers can configure and rotate their own destinations from an embedded portal, and every config change, rotation, and delivery attempt is logged for compliance review.
BYOD versus a fixed integrations list
A fixed integrations list ships whatever destinations the vendor decided to build. It works until a customer wants something not on the list, or wants the data on their own credentials in their own account, at which point the vendor is back to bespoke work or a "no."
BYOD is a capability difference, not a longer list. Because the customer brings the destination and the credentials, the set of supported targets is bounded by destination types rather than by named third-party integrations, and the data always lands where the customer controls it. That is what lets a SaaS vendor say "yes" to enterprise data-residency and audit requirements without an engineering project per account.
Related guides
What does it mean for event destinations to be customer-configurable?
What is outbound event delivery, and why does a SaaS platform need it?
What is an embedded integration portal, and why build one into a SaaS product?
Related destinations
Deliver events as NDJSON files into a customer-owned S3 bucket, batched, partitioned, and idempotent.
Stream batched NDJSON events into a customer-owned GCS bucket, same delivery model as S3, on GCP.
Continuous ingest into a customer-owned Snowflake table via Snowpipe-style staging.
Stream events directly into a customer's BigQuery dataset, table per event type or single wide table.
Related use cases
Let enterprise customers point your events at their own infrastructure, close the ACV-driving deals without bespoke engineering.
Close 'where does our data go?' procurement asks with a productized export feature instead of a custom commitment.
Frequently asked questions
What does bring-your-own-destination mean?
It lets each customer point your product's events at infrastructure they own, their bucket, warehouse, queue, or webhook, using credentials they manage and can revoke, instead of choosing only from integrations the vendor decided to build.
Whose credentials are used to deliver the events?
The customer's. Pushrail stores the credential encrypted at rest, scopes it to that customer's destination, and writes events under the customer's identity, not the vendor's. Customers can rotate credentials from the dashboard, and in-flight deliveries drain on the old credential while new deliveries use the new one.
How is one customer's destination isolated from another's?
Tenant isolation is enforced at the API and storage layers: the credential, the destination configuration, and the audit-log entries are each scoped to one customer. A different customer in the same tenant cannot see, use, or trigger writes against another customer's destination.
Is BYOD just a longer list of integrations?
No. It is a capability: the customer brings the destination and the credentials, so the data always lands where the customer controls it. That is different from a fixed menu of vendor-built integrations, where anything off the list means bespoke work or a no.
Offer bring-your-own-destination to your enterprise customers without bespoke engineering.
Sandbox is open. No credit card.