Security & trust
Privacy by architecture, not by promise.
Offpath inspects data that is sensitive by definition: source code, customer records, credentials, regulated content. The product is engineered so that raw prompt and response content stays on the endpoint, and so that any operator access to that content is gated by a per-tenant key ceremony and an audit log the customer controls.
Data handling
What stays on the endpoint. What reaches the control plane.
Raw prompt and response content. Stays on the device.
The full text of every message an employee submits to an AI provider and the full text of every response are processed locally and discarded. They never leave the endpoint unless an operator explicitly elevates a specific incident through the workflow below.
Detection metadata. Reaches the control plane.
When the local detection engine flags a request as a policy violation, a structured event is sent containing tenant identifier, sensor identifier, detection category, per-category confidence, the rough byte length of the affected content, and a one-way fingerprint for incident deduplication. The actual content text is not included.
Operational telemetry. Reaches the control plane.
Sensor version, policy bundle version, fleet enrollment status, latency percentiles, and aggregate counters. No per-prompt data.
Process identity and command-line context. Used locally only.
The sensor sees which AI agent is generating which traffic so it can apply per-agent policy. This information is used locally and not transmitted to the control plane.
Data we never collect
Offpath does not collect keystrokes, screen captures, browser history outside the AI-vendor allowlist, location data, microphone or camera input, or any data unrelated to AI-bound traffic.
Operator access
On the record, with the customer's key.
When an operator needs to investigate a flagged incident, they can request the original content for that one incident through a deliberately friction-bearing workflow:
- Encrypted on the endpoint. The incident content is encrypted with a per-tenant data encryption key that the sensor has held in memory since enrollment.
- Uploaded against the incident identifier. The encrypted blob is uploaded to the control plane tied to the specific incident. It is not retained on the endpoint after upload.
- Recorded before unwrap. The operator's decryption request is recorded in a per-tenant audit log before the unwrap is attempted, including the operator's identity, the time of the request, the affected user, and the specific incident.
- Gated by a customer-held key. The unwrap is performed by a KMS service that the customer's organization controls. Offpath cannot decrypt the content unilaterally.
This is the deliberate works-council disclosure point in the system. An operator who needs to look at employee content has to do so on the record, with the customer's organization holding the decryption key.
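The ordering in the last two steps, sketched as an added example (not Offpath's code): the audit record is written before the customer's KMS is asked to unwrap, and a failed audit write stops the request. `AuditLog`, `CustomerKMS`, `request_incident_content`, and the KMS-side operator allowlist are hypothetical stand-ins.

```python
class AuditUnavailable(Exception):
    """Raised when the per-tenant audit log cannot accept a record."""


class AuditLog:
    # Constructed stand-in for the per-tenant audit log.
    def __init__(self, writable=True):
        self.writable = writable
        self.entries = []

    def append(self, record):
        if not self.writable:
            raise AuditUnavailable("audit log not writable")
        self.entries.append(dict(record))


class CustomerKMS:
    # Constructed stand-in for the customer-controlled KMS: it alone holds
    # the material needed to unwrap a data encryption key (DEK).
    # The operator allowlist is an assumed customer-side policy.
    def __init__(self, deks, allowed_operators):
        self._deks = dict(deks)
        self._allowed = set(allowed_operators)
        self.unwrap_calls = 0

    def unwrap(self, wrapped_dek_ref, operator):
        self.unwrap_calls += 1
        if operator not in self._allowed:
            raise PermissionError("customer KMS denied unwrap")
        return self._deks[wrapped_dek_ref]


def request_incident_content(audit, kms, operator, affected_user,
                             incident_id, wrapped_dek_ref, requested_at):
    # Step 1: record the request. If this raises, the unwrap never runs.
    audit.append({
        "operator": operator,
        "requested_at": requested_at,
        "affected_user": affected_user,
        "incident_id": incident_id,
    })
    # Step 2: only now ask the customer's KMS. A denial still leaves
    # the request on the record.
    return kms.unwrap(wrapped_dek_ref, operator)
```
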
Encryption & key management
Encrypted at rest and in transit. Customer-held unwrap keys.
In transit
All communication between the endpoint sensor and the control plane is over TLS 1.3 with mutual authentication. The sensor's identity is established at enrollment and rotated on a configurable schedule.
At rest
Per-tenant content blobs in the control plane are encrypted with envelope encryption. The data encryption key is wrapped by a key the customer's KMS controls. Operators cannot decrypt content without customer-held key material.
Key rotation
Signing keys for the policy bundle distribution path are rotated on a published schedule. Customer-held unwrap keys are rotated on the customer's schedule and Offpath has no role in that rotation.
Compliance posture
A Day-1 requirement, not a Phase-2 feature.
Data residency
Per-tenant data residency in US or EU, selected at tenant provisioning. Self-hosted single-tenant deployments are available for customers with sovereignty requirements that exclude shared SaaS.
GDPR · HIPAA · works councils
The privacy architecture supports GDPR data subject rights, HIPAA-covered deployments, and works-council disclosure flows on Day 1. Data Processing Addendum available on standard terms.
SOC 2
Type II audit in progress. Status and report available under NDA to prospects under active procurement engagement.
Sub-processors
The list of sub-processors used by the Offpath control plane is maintained and available on request. Customers are notified before any addition to the list.
Audit log export
The per-tenant audit log of operator content-access events is exportable in JSON or to a customer-owned object-storage bucket for compliance retention.
Platform support
Linux today. macOS in development.
Security teams evaluating Offpath under procurement can request the review packet, sub-processor list, and SOC 2 status at contact@offpath.ai.
Last updated 2026-05-24 · Offpath AI, Inc.