Prompt content: stays inside the customer network
The gateway agent processes, classifies, and decides locally.
Public methodology behind the privacy claims on the architecture and trust pages. What stays inside the customer network, what leaves it, and how the audit log is bounded.
Last reviewed June 2026
Marketing copy on AI security tools routinely promises privacy without saying what specifically is or is not transmitted. Procurement teams need an explicit data-flow boundary they can quote in a DPA.
The runtime gateway runs inside the customer network. Prompt content never leaves it. Only the allow or block decision and a redacted finding record cross the trust boundary. Judge rationales are PII-redacted before persistence in the control plane.
No prompt body, no response body.
The unredacted form exists only transiently inside the judge process.
GDPR Article 5 (data minimisation), Article 28 (processor obligations), Article 32 (security of processing); ISO/IEC 42001 A.7 (data) and A.8 (information management); EU AI Act Article 10 (data and data governance).
No. The runtime gateway agent classifies and decides locally. The control plane receives the decision, not the prompt body. This is enforced by the agent build; the network egress allowlist contains only the control-plane endpoint with a documented payload shape.
Probes are synthetic content authored by Penaxtra Security Research; they contain no customer data. Scan responses from the customer endpoint are processed by the judge pipeline; rationales referencing the response are redacted before persistence.
A deterministic PII-detector runs over every judge rationale before persistence. Detected entities (names, addresses, identifiers, credentials) are replaced with type-prefixed placeholders. The detector list is reviewed each release and documented in the changelog.
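The redaction step and the documented payload shape described above can be sketched as follows. This is an added example, not Penaxtra's code: the detector patterns, the `[TYPE_n]` placeholder format, and the field names `decision`, `finding`, `rule_id`, `severity` and `rationale` are all assumptions, and only pattern-detectable entity types are covered.

```python
import re

# Assumed detector set: the page names entity types, not patterns.
# Credentials run first so the whole key=value pair is replaced.
DETECTORS = [
    ("CREDENTIAL", re.compile(r"\b(?:password|token|api[_-]?key)\s*[=:]\s*\S+", re.I)),
    ("EMAIL", re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")),
    ("IPV4", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
]

# Assumed payload shape: the decision plus a redacted finding record, nothing else.
ALLOWED_TOP = {"decision", "finding"}
ALLOWED_FINDING = {"rule_id", "severity", "rationale"}


def redact(text):
    """Replace detected entities with type-prefixed placeholders, deterministically."""
    seen = {}  # (type, value) -> placeholder, so a repeated value gets the same token
    for kind, pattern in DETECTORS:
        def repl(m, kind=kind):
            key = (kind, m.group(0))
            if key not in seen:
                n = sum(1 for k in seen if k[0] == kind) + 1
                seen[key] = f"[{kind}_{n}]"
            return seen[key]
        text = pattern.sub(repl, text)
    return text


def build_egress_payload(decision, rule_id, severity, rationale):
    """Build the only record allowed to cross the trust boundary."""
    if decision not in ("allow", "block"):
        raise ValueError("decision must be allow or block")
    return {"decision": decision,
            "finding": {"rule_id": rule_id, "severity": severity,
                        "rationale": redact(rationale)}}


def check_shape(payload):
    """Fail closed on any field outside the documented shape (e.g. a prompt body)."""
    extra = set(payload) - ALLOWED_TOP
    extra |= set(payload.get("finding", {})) - ALLOWED_FINDING
    if extra:
        raise ValueError(f"unexpected fields: {sorted(extra)}")
    return True
```

Running `check_shape` on the sending side and again at the control-plane endpoint gives two independent points where a payload carrying an unexpected field is rejected rather than stored.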