Encryption
Your data is encrypted so that only you can read it. Not even the platform operator can access your workflow definitions, run data, or secrets.
How it works
Every piece of your data is encrypted individually:
- A random encryption key is generated for each record
- Your data is encrypted with that key (AES-256-GCM)
- The key itself is encrypted with your wrapping key
- Only the encrypted data is stored
Your wrapping key is derived from your private key and only exists in server memory while you have an active session. When your session ends, the wrapping key is discarded.
What’s protected
| Your data | Encrypted? |
|---|---|
| Workflow definitions (URLs, logic, schemas) | Yes |
| Run event data (request/response bodies) | Yes |
| Run results | Yes |
| Secret values (API keys, tokens) | Yes |
| Run status, timestamps | No — needed for the dashboard |
| Step execution status | No — needed for the workflow engine |
Metadata like “run started” or “step completed” is visible for monitoring, but the actual business data inside those events is always encrypted.
What this means for you
- Database backups cannot be used to read your data
- Platform operators cannot see your workflow definitions or API responses
- Other tenants cannot access your data — every tenant has their own encryption key
- Your data is only readable when you have an active session
Key rotation
If you need to rotate your encryption key, the platform re-wraps all your data with the new key without ever decrypting the underlying data. Contact your admin to initiate a key rotation.
If you lose your private key
Your data is permanently inaccessible. There is no master key, no recovery mechanism, and no backdoor. This is by design — it’s what makes the zero-knowledge guarantee possible.
Store your private key somewhere safe.