Logfire Enterprise already offers two deployment paths: Enterprise Cloud for teams that want fully managed observability with enterprise contracts, SLAs, and compliance controls, and Enterprise Self-Hosted for teams that need to run everything on their own infrastructure. Most enterprise customers are well served by one of those two options.
But we kept hearing from a specific category of team: they needed stronger isolation than shared cloud could offer, yet they didn't want to operate Kubernetes, Postgres, object storage, upgrades, and incident response themselves. They wanted managed Logfire, in infrastructure dedicated to them.
Today we're announcing Enterprise Dedicated: a fully managed, single-tenant Logfire deployment operated by Pydantic. Our early adopters of this plan are already up and running, and we're now making it broadly available.
Where Dedicated Fits
Logfire Enterprise has three deployment modes. Here's how they compare. You can see the full comparison on our pricing page.
Enterprise Cloud: Managed cloud, ready quickly. EU and US regions, SSO, custom retention, volume discounts, DPAs, and HIPAA BAAs. The fastest path to production and the right starting point for most enterprise teams.
Enterprise Self-Hosted: You run Logfire on your own Kubernetes cluster with your own Postgres and S3-compatible storage. Maximum customer control, with our open source Helm chart and support from the Pydantic team. Best when you need full control over every layer. Self-hosted remains a core part of our enterprise offering and we continue to invest in it.
Enterprise Dedicated: Managed single-tenant infrastructure. Any GCP region. Dedicated VPC, Kubernetes, Postgres, and object storage. CMEK, Private Service Connect (PSC), and IP allowlisting available as additions. Best when you need the isolation properties of self-hosted without taking on the operational burden.
If you're evaluating Logfire for enterprise use and aren't sure which mode fits, Enterprise Cloud is the place to start. Dedicated exists for teams whose infrastructure, compliance, or data residency requirements specifically demand single-tenant isolation.
What Enterprise Dedicated Is
Each Dedicated customer gets an isolated environment: their own virtual network, managed Kubernetes cluster, managed PostgreSQL database, and object storage, provisioned in a region they choose. You access it through a unique hostname. It's the same Logfire product experience. We handle provisioning, upgrades, and operations. The difference is that the infrastructure running it belongs entirely to your deployment.
This is not "self-hosted lite." It's managed Logfire, deployed into infrastructure that is dedicated to one customer, with networking and encryption controls that shared SaaS cannot provide.
What You Get
A Dedicated environment includes:
- Dedicated virtual network with a private subnet. No shared network paths with other tenants.
- Managed Kubernetes cluster running the Logfire application.
- Managed PostgreSQL database reachable only on a private IP, connected via service peering.
- Dedicated object storage bucket for trace and log data.
- NAT gateway for controlled outbound egress.
- Configurable deployment region for latency optimization, data residency, or compliance. GCP is currently supported; additional cloud providers are planned.
Security and Network Controls
The architecture is designed around isolation and least privilege.
There is no network path between tenant environments. Compute and database resources have no public IPs. Database traffic stays private through service peering. Firewall rules restrict traffic to the tenant subnet.
Inside the cluster, workload identity replaces static cloud credentials. Service accounts are scoped to the tenant and follow least privilege.
For encryption, CMEK (customer managed encryption keys) can be enabled for the database, object storage, and persistent volumes. Key revocation makes tenant data unreadable, a meaningful property for teams that need cryptographic control over their data lifecycle.
For teams that want to keep telemetry ingestion off the public internet, Private Service Connect (PSC) provides private connectivity between your application infrastructure and your Dedicated Logfire instance.
What Stays Managed
Pydantic handles the operational load. Provisioning, Kubernetes upgrades, database maintenance, storage management, and incident response are all on us. You don't need a dedicated platform team to run your observability infrastructure.
We receive operational telemetry from Dedicated environments for health monitoring, capacity planning, and incident response. Your application data (the traces, logs, and spans your services send to Logfire) is not included in that telemetry pipeline.
Who Should Consider It
Most enterprise teams should start with Enterprise Cloud. It's the fastest path and covers the majority of enterprise requirements including SLAs, DPAs, HIPAA BAAs, and EU/US data residency.
Enterprise Dedicated is specifically for teams that need single-tenant isolation:
- AI teams sending sensitive traces that include prompts, tool calls, completions, and user context, where shared infrastructure is not acceptable.
- Regulated industries (finance, healthcare, legal, public sector, enterprise SaaS) where observability data must stay within controlled, dedicated infrastructure.
- Platform and security teams that cannot route observability data through shared SaaS and need private networking.
- Teams that need specific region choice, CMEK, or private connectivity via PSC but don't want to staff Kubernetes operations for an observability platform.
If your procurement or security review specifically requires dedicated infrastructure, CMEK, Private Service Connect, or a specific deployment region, this is built for you.
Get Started
For a full comparison of all three enterprise deployment modes, see our Enterprise pricing and features or the Enterprise documentation. For architecture and setup details, see the Enterprise Dedicated docs.
To discuss which option fits your requirements, get in touch with us.
