Data Flow Diagrams

How data flows through OGuardAI — where PII exists, what crosses the trust boundary, and what each component sees

For the complete data flow documentation covering all 8 operations (Transform, Rehydrate, RAG, Proxy, Streaming, File Processing, Image/OCR, Batch), see the canonical reference:

Architecture: Data Flow Diagrams

Security-Relevant Summary

All data flows follow the same trust boundary model:

  • Trusted Zone (OGuardAI runtime): Raw PII exists only here — in memory during request processing
  • Untrusted Zone (LLMs, tools, logs, vector stores): Only semantic tokens {{type:id}} and safe metadata cross the boundary
  • Session state: Encrypted with AES-256-GCM, client-held (sealed mode) or server-stored (Redis mode)
  • Revocation table: Stores HMAC-SHA-256 hashes only — no raw PII
  • Audit events: Entity types and counts only — no raw values logged
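The boundary model above, sketched as an added example (this is not OGuardAI's code, and every function name here is hypothetical): raw values are swapped for {{type:id}} tokens inside the trusted zone, the audit record carries types and counts only, the revocation entry is a keyed HMAC-SHA-256 digest, and a check flags any raw value in an outbound string. It assumes an email-only detector and a placeholder key, and leaves out session-state encryption.

```python
import hashlib
import hmac
import re
from collections import Counter

# Constructed detector: email addresses only (a real deployment detects many types).
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
TOKEN = re.compile(r"\{\{(\w+):(\w+)\}\}")
REVOCATION_KEY = b"constructed-demo-key"  # placeholder; never hard-code a real key


def transform(text):
    """Trusted zone: swap raw values for {{type:id}} tokens; the mapping stays here."""
    mapping = {}  # token -> raw value, held in memory only

    def swap(match):
        raw = match.group(0)
        for token, value in mapping.items():
            if value == raw:
                return token  # same value, same token
        token = "{{email:%d}}" % (len(mapping) + 1)
        mapping[token] = raw
        return token

    return EMAIL.sub(swap, text), mapping


def audit_event(mapping):
    """Audit record: entity types and counts only, no raw values."""
    return dict(Counter(TOKEN.match(t).group(1) for t in mapping))


def revocation_entry(raw):
    """Revocation table entry: keyed HMAC-SHA-256 digest, not the raw value."""
    return hmac.new(REVOCATION_KEY, raw.encode(), hashlib.sha256).hexdigest()


def leaks(outbound, mapping):
    """Raw values that would cross the boundary in an outbound string."""
    return [raw for raw in mapping.values() if raw in outbound]


def rehydrate(text, mapping):
    """Trusted zone: restore raw values in the response before returning it."""
    return TOKEN.sub(lambda m: mapping.get(m.group(0), m.group(0)), text)
```

Running `leaks()` over anything bound for an LLM prompt, a log line or a vector store gives a cheap regression test that only tokens leave the trusted zone.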

For detailed trust boundary analysis, see the Security Whitepaper.