Trust & Security
VectorFlow Cloud is a control plane. Customer log data never leaves the customer’s network. The control-plane data we do hold (pipeline configs, fleet metadata, secret references, audit logs) is encrypted with a per-organization data encryption key that VectorFlow operators cannot read.
Data flow
How customer data moves through VectorFlow Cloud. Read top to bottom — each block names a trust boundary; arrows are the data crossings between them.
┌──────────────────────────────────────────────────────────────────┐
│ Customer infrastructure (customer trust boundary)                │
│                                                                  │
│ ┌──────────────┐    ┌─────────────────┐    ┌──────────────────┐  │
│ │ Log sources  │ ─► │ Vector agent    │ ─► │ Customer log     │  │
│ │ (apps,       │    │ (runs on        │    │ destinations     │  │
│ │ services)    │    │ customer infra) │    │ (S3, Splunk, ES) │  │
│ └──────────────┘    └────────┬────────┘    └──────────────────┘  │
│                              │ heartbeat + bounded metric        │
│                              │ samples (no raw payloads)         │
└──────────────────────────────┼───────────────────────────────────┘
                               │ HTTPS, mTLS-pinned
                               │ vf_node_<orgSlug>_* token
                               ▼
┌──────────────────────────────────────────────────────────────────┐
│ VectorFlow Cloud control plane (vectorflow trust boundary)       │
│                                                                  │
│ ┌──────────────────────────────┐   ┌────────────────────────┐    │
│ │ <orgSlug>.agents.vectorflow  │ ─►│ Per-org row store      │    │
│ │ Postgres + RLS               │   │ (pipeline configs,     │    │
│ │ (one DEK per organization)   │   │ audit log, fleet       │    │
│ └──────────────┬───────────────┘   │ metadata)              │    │
│                │                   └────────────────────────┘    │
│                │ generateDataKey / decryptDataKey                │
│                ▼                                                 │
│ ┌──────────────────────────────┐                                 │
│ │ AWS KMS (per-region CMK)     │                                 │
│ │ EncryptionContext = orgId    │                                 │
│ └──────────────────────────────┘                                 │
│                                                                  │
│ ────────────────────────────────────── no-decrypt boundary ───── │
│                                                                  │
│ ┌──────────────────────────────┐   ┌────────────────────────┐    │
│ │ ops.vectorflow.sh (operator  │ ─►│ Operator views         │    │
│ │ console; WebAuthn + VPN)     │   │ (PII-masked; no        │    │
│ │ reads non-decrypted columns  │   │ decrypt without grant) │    │
│ └──────────────────────────────┘   └────────────────────────┘    │
│                                                                  │
│ ┌──────────────────────────────────────────────────────────┐     │
│ │ Break-glass: OrgAccessGrant + KMS GrantToken             │     │
│ │ ─ requested by operator (Incident role)                  │     │
│ │ ─ approved by customer admin (or auto-approved if        │     │
│ │   customer opts into P0-first-hour fast path)            │     │
│ │ ─ ≤60-minute window, single org, audited both sides      │     │
│ └──────────────────────────────────────────────────────────┘     │
└──────────────────────────────────────────────────────────────────┘
Data we hold
- Pipeline configurations. The YAML graphs you author in the visual editor. Encrypted at rest.
- Fleet metadata. Node hostnames, heartbeat state, pipeline-to-node assignment. Not your log payloads.
- Bounded metrics & samples. Numerical rollups for the dashboards, and capped event samples for the live preview. Default retention: 90 days.
- Notification channel credentials. Webhook URLs, Slack tokens, PagerDuty integration keys. Encrypted with the per-org DEK and never logged.
- Audit log. Every control-plane action, hash-chained for tamper evidence. Customer-visible from the dashboard.
What we explicitly do not hold: raw customer log payloads, event stream contents, anything that flows through the Vector pipelines themselves.
Encryption
Every organization gets its own data-encryption key (DEK), generated at signup and wrapped with the cloud KMS customer master key (AWS KMS). Field-level encryption uses AES-256-GCM with the DEK and an Additional Authenticated Data (AAD) tag bound to orgId + domain + rowKey. A ciphertext from one organization cannot be lifted into another organization’s row and decrypt cleanly — the AAD mismatch is detected and the decrypt fails.
DEK rotation re-wraps existing ciphertexts in the background; old and new ciphertexts both decrypt during the rotation window. Bring-your-own-key (BYOK) is on the roadmap for paying tiers.
Operator access model
VectorFlow operators cannot read your data in the normal course of running the service. Concretely:
- The application runs against a non-owner Postgres role (`vectorflow_app`) with `NOBYPASSRLS`. Row-Level Security policies block cross-org reads at the database layer.
- Operators sign in to a separate operator subdomain with WebAuthn. Their role grants list-and-suspend, not decrypt.
- Decrypting a customer's data requires an explicit break-glass grant: the operator opens a request, the customer admin is emailed, the grant is time-bound, and every decrypt is written to two independent audit logs (the customer audit chain and an operator-only `PlatformAuditLog` shipped to S3 with Object Lock).
Audit chain
Each `AuditLog` row carries a SHA-256 hash linking it to the previous row in the organization's chain. A break in the chain is detectable by anyone with the audit export. Customers can export their audit log at any time and verify the chain offline with the bundled verify-audit-chain.ts tool.
Egress & SSRF protection
Every outbound URL submitted to the control plane (webhook destinations, OIDC discovery, channel endpoints, BYOK KMS) is validated against a public-IP allowlist before any request is made. We reject private RFC 1918 ranges, link-local addresses (including AWS IMDS 169.254.169.254 and the IPv6 metadata range `fd00:ec2::254`), loopback, Teredo, and IPv4-mapped IPv6 addresses, which are unwrapped and checked against the same set.
Retention defaults
| Data type | Default retention | Customer override |
|---|---|---|
| Pipeline configurations & versions | Lifetime of organization | Delete on demand |
| Audit log | 7 years | Read-only by design |
| Metrics rollups (1h, 1d) | 90 days | Plan-tier dependent |
| Event samples (live preview cache) | 15 minutes | Disable per-pipeline |
| Operator decrypt audit (S3 Object Lock) | 7 years | Cannot be overridden |
Compliance posture
- GDPR. Article 20 data export is supported per organization. Article 17 right-to-erasure is supported via org deletion (90-day cool-off then crypto-shredding the DEK).
- SOC 2 Type II. Audit underway; readiness statement on request during the readiness window.
- Sub-processors. Listed at /trust/subprocessors with 30-day advance notice for additions.
- DPA. Customer-signable template at /trust/dpa.
Incident response
Security incidents that may affect customer data are disclosed to affected customers within 72 hours of confirmation, per the DPA. A post-mortem is published to this page within 14 days of the incident being resolved. Reach us at security@vectorflow.sh with PGP key on request.
Self-hosted edition
VectorFlow OSS (AGPL-3.0) is the same control plane without the multi-tenant boundary — you are your own operator. The cryptography defaults to v2 single-master-key mode and does not require AWS KMS. If you adopt the v3 envelope flow you can plug in HashiCorp Vault Transit; the interface is identical to the AWS provider Cloud uses.