Privacy-Preserving Architecture: Your Data Never Leaves
CauseFlow is the only incident investigation platform that deploys a Privacy-Enhancing Technology (PET) directly in your infrastructure. A Docker agent processes, masks, and anonymizes sensitive data at the edge — hostnames, IPs, user IDs, API keys, service names — before any transmission. Your raw data never leaves your security perimeter. The AI cloud receives only what it needs for root cause analysis, with sensitive identifiers replaced by opaque tokens.
Privacy-Preserving Mode
- No raw data transmission — ever
- Customer-controlled masking rules
- Reversible mapping stays in your infrastructure
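As an added illustration of the edge masking and reversible mapping described above (example code written for this page, not CauseFlow's agent), the masker below applies customer-defined regex rules to constructed sample log lines, swaps each sensitive value for a deterministic opaque token, refuses to transmit if any raw value survives, and rehydrates the cloud finding locally. The rule patterns, the `<<CATEGORY_n>>` token format and the `cloud_analyze` stand-in are assumptions; the same reversible-token idea is what the PII Gateway row further down describes.

```python
import re
from dataclasses import dataclass, field

# Constructed sample log lines, standing in for data the on-prem agent reads during an investigation.
SAMPLE_LOG = """2024-05-01T10:00:01Z api-gw-03.prod.internal ERROR upstream 10.0.12.7 timeout user=alice@example.com
2024-05-01T10:00:02Z api-gw-03.prod.internal WARN retrying 10.0.12.7 key=sk_live_ABCDEF1234567890
2024-05-01T10:00:03Z billing-07.prod.internal ERROR 10.0.12.7 refused connection"""
# Customer-controlled masking rules (category -> pattern), applied in order, most specific first.
# The key prefix and hostname suffix are assumptions for this example, not CauseFlow's real rules.
DEFAULT_RULES = {
    "API_KEY": re.compile(r"\bsk_(?:live|test)_[A-Za-z0-9]{16,}\b"),
    "EMAIL": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "IP": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "HOST": re.compile(r"\b[a-z0-9-]+\.prod\.internal\b"),
}

@dataclass
class EdgeMasker:  # swaps sensitive values for opaque tokens; the mapping never leaves this process
    rules: dict = field(default_factory=lambda: dict(DEFAULT_RULES))
    forward: dict = field(default_factory=dict)   # real value -> token
    reverse: dict = field(default_factory=dict)   # token -> real value
    counters: dict = field(default_factory=dict)  # per-category sequence numbers
    def _token(self, category: str, value: str) -> str:
        # Same value always maps to the same token, so the analysis can correlate across lines.
        if value not in self.forward:
            self.counters[category] = self.counters.get(category, 0) + 1
            token = f"<<{category}_{self.counters[category]}>>"
            self.forward[value], self.reverse[token] = token, value
        return self.forward[value]
    def mask(self, text: str) -> str:
        for category, pattern in self.rules.items():
            text = pattern.sub(lambda m, c=category: self._token(c, m.group(0)), text)
        return text
    def unmask(self, text: str) -> str:  # unknown tokens are left as-is rather than guessed
        return re.sub(r"<<[A-Z_]+_\d+>>", lambda m: self.reverse.get(m.group(0), m.group(0)), text)

def cloud_analyze(masked_text: str) -> str:
    # Stand-in for the remote AI: it only ever sees tokens, never the values behind them.
    ips = re.findall(r"<<IP_\d+>>", masked_text)
    top = max(set(ips), key=ips.count) if ips else "none"
    return f"Root cause candidate: upstream {top} is unreachable from every caller."

def investigate(log: str) -> dict:
    masker = EdgeMasker()
    masked = masker.mask(log)
    leaked = [v for v in masker.forward if v in masked]  # pre-transmission check
    if leaked:
        raise RuntimeError(f"masking incomplete, refusing to transmit: {leaked}")
    finding = cloud_analyze(masked)  # only the masked text crosses the perimeter
    return {"masked": masked, "finding_masked": finding,
            "finding": masker.unmask(finding), "map_size": len(masker.reverse)}
```

Because the token map is keyed by value, the repeated IP in all three lines becomes the same `<<IP_1>>`, which is what lets the remote analysis still correlate events without ever seeing the address.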
Minimum Access with Full Control
On-demand reading, no persistence
The agent reads data only during an active investigation. After analysis, the data is discarded; we don't store raw customer data.
Data read on demand, analyzed in-memory, discarded after investigation completion.
Least privilege access
Each integration uses read-only credentials with minimum scope via OAuth. The agent never has write access unless explicitly authorized.
OAuth scopes limited to read-only; write access requires explicit human approval.
No writing by default
The agent is read-only. Remediation actions require explicit user approval (human-in-the-loop) before any destructive action.
All write operations gated behind human-in-the-loop approval flow.
Isolation and Transparency
Tenant isolation
Each customer has its own AWS KMS encryption key. Data is never mixed between customers, and every LLM call contains data from exactly one tenant.
Per-tenant KMS keys, isolated ECS tasks, single-tenant LLM contexts.
No cross-training
Customer data is never used to train models for other customers. Fine-tuning is exclusive per account when applicable.
Zero cross-customer data sharing; per-account fine-tuning isolation.
Immutable audit trail
Each investigation generates a detailed log in S3 with Object Lock (WORM). The log is visible to the customer and cannot be altered.
S3 Object Lock (WORM); the log includes: sources accessed, data read, tokens processed, result.
Compliance & Certifications
| Certification | Status | Details |
|---|---|---|
| LGPD | Compliant since launch | KMS per-tenant + TTL + right-to-delete. Data subject requests fulfilled in 15 days. Breach notification in 72h. |
| GDPR | Compliant since launch | Same mechanisms cover GDPR. Standard Contractual Clauses for cross-border transfers. |
| SOC 2 Type II | In Progress | Full audit cycle with independent assessor. Automated compliance platform in use. |
| ISO 27001 | On Roadmap | Information security management system certification planned. |
| HIPAA | On Roadmap | Healthcare data compliance certification planned. |
Integration Security
Every connection CauseFlow makes to your tools is secured at every layer — from credential storage to data transmission.
SOC 2 Certified Integration Infrastructure
Our integration infrastructure is SOC 2 certified — independently audited to confirm that your credentials and access tokens are managed with enterprise-grade security controls.
ISO 27001:2022 Certified
ISO 27001:2022 certification for our integration layer confirms that information security management processes meet the latest international standard.
OAuth 2.0 & Encrypted Credentials
Integrations use OAuth 2.0 where available. API keys are encrypted at rest with per-tenant KMS keys and never stored in plaintext or exposed in logs.
AES-256 Encryption at Rest
All integration credentials are encrypted with AES-256 using per-tenant encryption keys. Keys are managed in AWS KMS with automatic rotation.
Read-Only Access by Default
CauseFlow requests only read permissions when connecting to your tools. Write operations — such as opening a fix PR — require explicit human approval before execution.
Tenant Isolation
Every integration credential and access token is cryptographically isolated per customer account. It is architecturally impossible for one customer's credentials to be accessed by another.
Security Architecture
- Client (HTTPS) -> Web Application Firewall -> Load Balancer -> ECS Tasks (private subnets)
- ECS Tasks -> Network Gateway -> External APIs (Slack, GitHub, etc.)
- Credentials in AWS Secrets Manager with automatic rotation
- Managed relational and NoSQL databases in a private subnet with no internet exposure
- All logs centralized in Monitoring & Alerting plus Immutable Object Storage
- Data at rest: AES-256 per-tenant encryption keys. Data in transit: TLS 1.3
Data Isolation (Multi-tenancy)
| Layer | Isolation Mechanism |
|---|---|
| Application | Tenant ID required in every query, log and record. LLM calls contain data from exactly one tenant. |
| Database | Database with Row Level Security (RLS) by tenant_id. |
| Vector DB | Partitioned vector storage with hard isolation per tenant. Designed to scale to millions of tenants. |
| Infrastructure | Each investigation runs in an ephemeral container with restricted permissions. The container is destroyed upon completion. |
| PII Gateway | Microsoft Presidio detects and anonymizes email addresses, phone numbers, SSNs and card numbers. Anonymization is reversible. |
| Encryption | Data at rest: AES-256 per-tenant encryption keys. Data in transit: TLS 1.3. |
Why AWS Bedrock: The Strongest Privacy Guarantees for AI
- AWS does not use customer data to train models
- Model providers have zero access to prompts/completions
- ISO/IEC 42001 certification (first major cloud provider)
- PrivateLink support for VPC-private connectivity
- Guardrails for PII detection/redaction
Let's Talk About Your Incident Workflow
We're Engineering Managers and AI Specialists who spent years investigating incidents across disconnected tools. We built CauseFlow because we lived the same pain you're dealing with right now.
No sales pitch — just a conversation about your team's biggest pain points.