Security operations with human approval
Enterprise Security & Compliance
Strong encryption, tamper-evident audit records, PII guardrails, and multi-tier RBAC. Controls designed to support GDPR, HIPAA workflow needs, ISO 27001, and EU AI Act preparation - designed in from day one.
Key Capabilities
Encryption & Key Management
Strong encryption at rest, TLS in transit. Key rotation with configurable retention. Customer-managed keys (BYOK) with AWS KMS, GCP, Azure, and HashiCorp Vault.
Compliance Export API
Full eDiscovery export of all run traces, inputs, outputs, and audit events. JSON-L streaming aligned with GDPR evidence-capture practices. HIPAA workflows additionally require a Business Associate Agreement that PrivateFlow does not sign today.
Tamper-Evident Audit Chain
Tamper-evident audit records with integrity checks covering all platform business events.
Agent Identity & Governance
Named agent identities with tool allowlists, knowledge scope restrictions, and per-run cost controls. Full audit trail per agent.
Data Residency Controls
Region-only or region-preferred processing. EU, US, or APAC data residency with classification-based filtering.
Policy Engine
26 guardrail types with escalation hierarchy, tool integrity monitoring, PII redaction, toxicity filtering, and prompt injection defense.
How It Works
Configure KMS
Connect your key management service. PrivateFlow uses envelope encryption - your key protects all data without ever leaving your KMS.
Set Policies
Define data residency region, classification levels, audit retention period, and agent governance rules.
Deploy Guardrails
Enable guardrail types per flow: PII, toxicity, hallucination, prompt injection, cost limits, and custom validators.
Export & Audit
Export compliance data on-demand or scheduled. Verify audit chain integrity cryptographically at any time.
Technical Stack
Ready to build production
Self-host in minutes with Docker, or use the cloud. Either way, you own your data and your models.