# Trust boundaries

Data handling, persistence, and security posture for enterprise diligence.

## What leaves the client

When `blekline_mask_prompt` is called, the text payload is sent over HTTPS to `/api/mask` on the Blekline control plane and forwarded to Azure Cognitive Services (Text Analytics PII detection). The response returns `maskedText` and a `tokenMap`; the original entities are not stored in persisted event records.

When `blekline_evaluate_tool_call` is called, the tool name and an argument summary are evaluated locally via `@blekline/contracts` and optionally checked against the workspace policy API. Full argument bodies are not stored in the default event ingest.

## What is stored in audit events

Audit events in workspace Activity contain **metadata only**:

| Field | Example |
|-------|---------|
| `kind` | `tool_call_enforcement` |
| `action` | `allow` / `mask` / `block` |
| `entitiesMasked` | `3` |
| `riskTier` | `low` / `medium` / `high` |
| `mcpToolName` | `write_file` |
| `clientSurface` | `cursor`, `continue`, `github-copilot`, `openhands`, `sourcegraph-cody`, etc. |
| `modelProvider` | `anthropic` / `openai` |
| `requestId` | UUID for correlation |

No raw prompt text. No full tool argument bodies. No user-identifiable content in the default configuration.

## Data residency

- SaaS: `app.blekline.com`, US-based by default.
- EU data residency: available on the enterprise plan. Contact sales with `dataResidency=EU`.
- Edge sidecar with `BLEKLINE_MASK_FAST_PATH=local_only`: no data leaves the sidecar.

## Encryption and tokens

All API traffic uses TLS 1.2+ in transit. Workspace tokens are scoped (`mask:write`, `events:write`), rotatable, and never logged in event records. Rotate tokens quarterly; see the [SSO & deployment](/docs/enterprise/sso-deployment) hardening checklist.

## Certifications

SOC 2 Type II is on the roadmap. Contact enterprise sales for the current timeline and to request a security questionnaire.
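A practitioner-side check on the metadata-only guarantee described in the audit-events section above, added here as an example and not taken from Blekline's code or API: before an audit event is exported to a third party (an eval platform or a SIEM), assert that it carries only the fields in the table, with values of the documented shape, and refuse anything else. A stray `promptText` or `arguments` field is the usual way a body leaks into an export, and an allowlist catches it without having to enumerate every bad field. The function names `checkMetadataOnly` and `forwardIfMetadataOnly`, the validators, and the two sample events are assumptions for illustration; `clientSurface` and `modelProvider` are checked as short identifiers rather than a fixed list, because the table marks the surface list as open-ended.

```javascript
// Added example (not Blekline's code): allowlist guard for audit events that
// are about to be forwarded to a third party. Field names and value sets are
// taken from the metadata table on this page; the guard, its name and the
// sample events are assumptions for illustration.

const UUID_RE =
  /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
// Short lowercase identifiers such as `cursor`, `github-copilot`, `anthropic`.
const IDENT_RE = /^[a-z0-9][a-z0-9-]{0,63}$/;
// MCP tool names such as `write_file`: no whitespace, bounded length.
const TOOL_NAME_RE = /^[A-Za-z0-9_.-]{1,128}$/;

const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// One validator per permitted field. Anything not listed here is rejected, so a
// `prompt` or `arguments` field added upstream cannot pass silently.
const ALLOWED_FIELDS = {
  kind: (v) => v === "tool_call_enforcement",
  action: (v) => ["allow", "mask", "block"].includes(v),
  entitiesMasked: (v) => Number.isInteger(v) && v >= 0,
  riskTier: (v) => ["low", "medium", "high"].includes(v),
  mcpToolName: (v) => typeof v === "string" && TOOL_NAME_RE.test(v),
  clientSurface: (v) => typeof v === "string" && IDENT_RE.test(v),
  modelProvider: (v) => typeof v === "string" && IDENT_RE.test(v),
  requestId: (v) => typeof v === "string" && UUID_RE.test(v),
};

// Without these an event cannot be classified or correlated, so it is
// malformed rather than merely sparse.
const REQUIRED_FIELDS = ["kind", "action", "requestId"];

function checkMetadataOnly(event) {
  if (event === null || typeof event !== "object" || Array.isArray(event)) {
    return { ok: false, violations: ["event is not an object"] };
  }
  const violations = [];
  for (const name of REQUIRED_FIELDS) {
    if (!hasOwn(event, name)) violations.push(`missing required field: ${name}`);
  }
  for (const [name, value] of Object.entries(event)) {
    if (!hasOwn(ALLOWED_FIELDS, name)) {
      violations.push(`unexpected field: ${name}`);
      continue;
    }
    // Nested objects and arrays are never metadata; they are the usual shape
    // of a leaked argument body.
    if (value !== null && typeof value === "object") {
      violations.push(`structured value in field: ${name}`);
      continue;
    }
    if (!ALLOWED_FIELDS[name](value)) violations.push(`bad value for field: ${name}`);
  }
  return { ok: violations.length === 0, violations };
}

// Hand the event to the exporter (whatever ships to LangSmith or your SIEM)
// only if it passes; otherwise fail loudly rather than forwarding a stripped copy.
function forwardIfMetadataOnly(event, exporter) {
  const result = checkMetadataOnly(event);
  if (!result.ok) {
    throw new Error(`refusing to forward event: ${result.violations.join("; ")}`);
  }
  return exporter(event);
}

// Constructed sample events (not captured from a real workspace).
const CLEAN_EVENT = {
  kind: "tool_call_enforcement",
  action: "mask",
  entitiesMasked: 3,
  riskTier: "medium",
  mcpToolName: "write_file",
  clientSurface: "cursor",
  modelProvider: "anthropic",
  requestId: "2f1c9a4e-8b7d-4c3a-9e21-5d6f7a8b9c0d",
};

// The same event with two fields that must never reach a third party.
const LEAKY_EVENT = {
  ...CLEAN_EVENT,
  promptText: "Hi Alice, my phone number is 555-0100, please ...",
  arguments: { path: "/tmp/notes.txt", contents: "..." },
};

console.log(checkMetadataOnly(CLEAN_EVENT)); // { ok: true, violations: [] }
console.log(checkMetadataOnly(LEAKY_EVENT).violations);
// [ 'unexpected field: promptText', 'unexpected field: arguments' ]
```

Run the guard in the same process that performs the export, not in the control plane, so that it covers whatever your own pipeline added to the event after ingest. Failing closed on an unexpected field is deliberate: dropping the field and forwarding the rest would hide the fact that something upstream started emitting bodies.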
## Third-party eval (LangSmith)

[LangSmith](/docs/integrations/langsmith-stack) receives **metadata-only** exports when you forward `/api/events` or OTel labels — not prompt bodies by default. LangSmith is an eval platform, not a SIEM. For compliance archives, use [Enterprise telemetry](/docs/enterprise/telemetry).

## What Blekline is not

Blekline is a policy-enforced ingress control plane. It is not:

- A WAF or network-level firewall
- A full DLP system (it operates at the MCP call level, not the network packet level)
- A SIEM — forward audit events to your SIEM via `/api/integrations/siem` (Pro+)
- A model output filter — it operates before the model call, not after

This scope boundary is intentional. See [Architecture](/docs/introduction/architecture).

---

**Next steps:** [MCP identity pinning](/docs/security/mcp-identity-pinning) · [Enterprise telemetry](/docs/enterprise/telemetry) · [EU AI Act mapping](/docs/introduction/eu-ai-act)