Guardrail API

Security & Data Handling

Guardrail is designed as a safety and governance layer for LLM traffic. This page explains, in plain language, how we think about security, what we log, and how data is handled in typical deployments.

Guardrail is currently offered as an early access product. Details on this page may evolve as the platform matures. For specific enterprise questions, please contact us.

Data Ownership

Your data is yours. Guardrail does not claim ownership over prompts, responses, or metadata that you send through the API or Admin Console. We do not train foundation models on customer data.

Multi-tenant Isolation

Guardrail is built around tenant isolation. Each tenant has its own configuration, policies, and audit trail. Admin Console views and API calls are scoped by tenant identifiers, so one tenant cannot see another tenant's data.

Enterprise deployments can run Guardrail in their own cloud account to align with internal security and compliance requirements.

What We Log

Guardrail is an observability and governance layer, so it generates audit logs about how decisions are made. In current releases, these logs include:

  • Ingress evaluations (requests into a model)
  • Egress evaluations (responses coming back)
  • Incident records and escalation events
  • Metadata needed to explain decisions (tenant, environment, policy, and decision IDs)

By default, Guardrail focuses on logging decisions and metadata, not full prompt or response bodies. Enterprise deployments can choose stricter or more limited logging policies based on their risk and compliance needs.

SIEM Integration

Guardrail Core and the Guardrail Enterprise Console emit structured, SIEM-ready audit logs in JSON or NDJSON form. These logs can be exported and forwarded into existing observability pipelines such as Splunk, Elastic, Datadog, CloudWatch, Azure Monitor, or GCP Logging.

Native streaming integrations (for example, automatically sending logs to cloud logging and SIEM services without a manual export step) are Enterprise features under active development and are not yet enabled in early access builds.

Encryption & API Keys

All communication with Guardrail uses HTTPS. API keys are scoped to tenants and environments and should be treated as sensitive credentials. We recommend storing them in a secure secrets manager and rotating them periodically.

Early Access Note

Guardrail is in an early access phase and is evolving quickly. The information on this page describes the intended operating model, but final enterprise deployments may be tailored to specific contractual and regulatory requirements.