
Security you can audit

CauseFlow's Privacy-Enhancing Technology anonymizes sensitive data inside your infrastructure before any transmission. Your raw data never leaves your environment — GDPR & LGPD compliant.

Paranoid by design

Security that doesn't slow you down.

Read-only by default. The agent works alongside you, asks for clarification mid-investigation, and never writes without your sign-off.

Minimum access with full control

On-demand reading, no persistence

The agent reads data only during an active investigation. After analysis, data is discarded. We don't store raw customer data.

Data read on demand, analyzed in-memory, discarded after investigation completion.

Least privilege access

Every integration uses read-only credentials with the minimum scope via OAuth. The agent never has write access unless explicitly authorized.

OAuth scopes limited to read-only; write access requires explicit human approval.

No writing by default

The agent is read-only. Remediation actions require explicit user approval (human-in-the-loop) before any destructive action.

All write operations gated behind a human-in-the-loop approval flow.

Isolation and transparency

Tenant isolation

Each customer has individual KMS encryption via AWS. Data is never mixed between customers. LLM calls contain data from exactly one tenant.

Per-tenant KMS keys, isolated ECS tasks, single-tenant LLM contexts.

No cross-training

Customer data is never used to train models for other customers. Fine-tuning is exclusive per account when applicable.

Zero cross-customer data sharing; per-account fine-tuning isolation.

Future feature

Immutable audit trail

Each investigation generates a detailed log in S3 with Object Lock (WORM). The log is visible to the customer and cannot be altered.

S3 Object Lock (WORM); includes sources accessed, data read, tokens processed, result.

Privacy-Preserving Architecture: Your Data Never Leaves

CauseFlow is the only incident investigation platform that deploys a Privacy-Enhancing Technology (PET) directly in your infrastructure. A Docker agent processes, masks, and anonymizes sensitive data at the edge — hostnames, IPs, user IDs, API keys, service names — before any transmission. Your raw data never leaves your security perimeter. The AI cloud receives only what it needs for root cause analysis, with sensitive identifiers replaced by opaque tokens.

Privacy-Enhancing Technology

Privacy-Preserving Mode

  • No raw data transmission — ever
  • Customer-controlled masking rules
  • Reversible mapping stays in your infrastructure
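
An added example (not CauseFlow's code) of the edge masking described above: identifiers matched by customer-editable rules are replaced with keyed opaque tokens, and the token-to-value map stays in a local vault. The class name, rule patterns, token format and sample log lines are assumptions constructed for illustration.

```python
import hashlib
import hmac
import re

# Assumed rule format (hypothetical, customer-editable): (token kind, regex).
# Earlier rules win if two patterns could match at the same position.
DEFAULT_RULES = [
    ("APIKEY", r"\bkey-[A-Za-z0-9]{16}\b"),
    ("IP", r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    ("HOST", r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)*\.internal\b"),
    ("USER", r"\buser_\d+\b"),
]

class EdgeMasker:
    """Replaces sensitive identifiers with opaque tokens before transmission."""

    def __init__(self, secret: bytes, rules=DEFAULT_RULES):
        self._secret = secret  # stays inside the customer environment
        self._vault = {}       # token -> original value, kept locally only
        self._pattern = re.compile(
            "|".join(f"(?P<{kind}>{rx})" for kind, rx in rules))

    def _token(self, kind: str, value: str) -> str:
        # Keyed HMAC: the same value always maps to the same token, so
        # correlation across log lines survives without exposing the value.
        digest = hmac.new(self._secret, f"{kind}:{value}".encode(),
                          hashlib.sha256).hexdigest()[:12]
        token = f"<{kind}_{digest}>"
        self._vault[token] = value
        return token

    def mask(self, text: str) -> str:
        return self._pattern.sub(
            lambda m: self._token(m.lastgroup, m.group()), text)

    def unmask(self, text: str) -> str:
        # Runs only inside the perimeter; unknown tokens are left untouched.
        return re.sub(r"<[A-Z]+_[0-9a-f]{12}>",
                      lambda m: self._vault.get(m.group(), m.group()), text)

# Constructed sample log lines, not real data.
SAMPLE = (
    "10.2.3.4 user_1042 GET /orders upstream=db-1.prod.internal 502\n"
    "10.2.3.4 user_1042 retry with key-A1b2C3d4E5f6G7h8 -> db-1.prod.internal"
)

if __name__ == "__main__":
    masker = EdgeMasker(b"constructed-demo-secret")
    print(masker.mask(SAMPLE))
```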

Integration Infrastructure

Integration Security

Every connection CauseFlow makes to your tools is secured at every layer — from credential storage to data transmission.

SOC 2 Certified Integration Infrastructure

Our integration infrastructure is SOC 2 certified — independently audited to confirm that your credentials and access tokens are managed with enterprise-grade security controls.

ISO 27001:2022 Certified

ISO 27001:2022 certification for our integration layer confirms that information security management processes meet the latest international standard.

OAuth 2.0 & Encrypted Credentials

Integrations use OAuth 2.0 where available. API keys are encrypted at rest with per-tenant KMS keys and never stored in plaintext or exposed in logs.

AES-256 Encryption at Rest

All integration credentials are encrypted with AES-256 using per-tenant encryption keys. Keys are managed via AWS KMS with automatic rotation.

Read-Only Access by Default

CauseFlow requests only read permissions when connecting to your tools. Write operations — such as opening a fix PR — require explicit human approval before execution.

Tenant Isolation

Every integration credential and access token is cryptographically isolated per customer account. It is architecturally impossible for one customer's credentials to be accessed by another.

Data Isolation (Multi-tenancy)

| Layer | Isolation Mechanism |
| --- | --- |
| Application | Tenant ID required in every query, log and record. LLM calls contain data from exactly one tenant. |
| Database | Database with Row Level Security (RLS) by tenant_id. |
| Vector DB | Partitioned vector storage with hard isolation per tenant. Designed to scale to millions of tenants. |
| Infrastructure | Each investigation runs in an ephemeral container with restricted permissions. The container is destroyed upon completion. |
| PII Gateway | Open-source PII detection engine detects and anonymizes emails, phones, SSNs, cards. Reversible anonymization. |
| Encryption | Data at rest: AES-256 with per-tenant encryption keys. Data in transit: TLS 1.3. |

Why AWS Bedrock: The Strongest Privacy Guarantees for AI

AWS does not use customer data to train models

Model providers have zero access to prompts/completions

ISO/IEC 42001 certification (first major cloud provider)

PrivateLink support for VPC-private connectivity

Guardrails for PII detection/redaction
