Data handling, persistence, and security posture for enterprise diligence.
What leaves the client
When blekline_mask_prompt is called, the text payload is sent over HTTPS to /api/mask on the Blekline control plane, then forwarded to Azure Cognitive Services (Text Analytics PII detection). The response returns maskedText and a tokenMap — original entities are not stored in persisted event records.
When blekline_evaluate_tool_call is called, the tool name and argument summary are evaluated locally via @blekline/contracts, and optionally checked against the workspace policy API. Full argument bodies are not stored in default event ingest.
What is stored in audit events
Audit events in workspace Activity contain metadata only:
| Field | Example |
|---|---|
| kind | tool_call_enforcement |
| action | allow / mask / block |
| entitiesMasked | 3 |
| riskTier | low / medium / high |
| mcpToolName | write_file |
| clientSurface | cursor, continue, github-copilot, openhands, sourcegraph-cody, etc. |
| modelProvider | anthropic / openai |
| requestId | UUID for correlation |
No raw prompt text. No full tool argument bodies. No user-identifiable content in default configuration.
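As an added example, not Blekline's own code: a metadata-only guard you can run over an /api/events export before forwarding it to a SIEM or to LangSmith. It enforces the field set in the table above and rejects events that carry extra fields (the promptText field name is assumed for the sample), nested values, or oversized strings where a prompt or argument body could hide. JavaScript is used because the client-side contracts ship as an npm package.

```javascript
const ALLOWED_FIELDS = new Set(['kind', 'action', 'entitiesMasked', 'riskTier',
  'mcpToolName', 'clientSurface', 'modelProvider', 'requestId']);
const ACTIONS = new Set(['allow', 'mask', 'block']);
const RISK_TIERS = new Set(['low', 'medium', 'high']);
const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
// Longest value expected in any metadata field (tool names, surfaces, UUIDs);
// anything longer is treated as a leaked payload rather than metadata.
const MAX_VALUE_LENGTH = 128;

// Returns a list of problems; an empty list means the event is metadata-only.
function checkAuditEvent(event) {
  const problems = [];
  for (const [key, value] of Object.entries(event)) {
    if (!ALLOWED_FIELDS.has(key)) problems.push(`unexpected field: ${key}`);
    // Nested objects or arrays are where a full argument body would hide.
    if (value !== null && typeof value === 'object') problems.push(`nested value in ${key}`);
    if (typeof value === 'string' && value.length > MAX_VALUE_LENGTH) {
      problems.push(`oversized value in ${key}`);
    }
  }
  if (!ACTIONS.has(event.action)) problems.push(`bad action: ${event.action}`);
  if (!RISK_TIERS.has(event.riskTier)) problems.push(`bad riskTier: ${event.riskTier}`);
  if (!Number.isInteger(event.entitiesMasked) || event.entitiesMasked < 0) {
    problems.push('entitiesMasked must be a non-negative integer');
  }
  if (typeof event.requestId !== 'string' || !UUID_RE.test(event.requestId)) {
    problems.push('requestId must be a UUID');
  }
  return problems;
}

// Splits an export batch into forwardable events and rejected ones with reasons.
function filterForExport(events) {
  const kept = [];
  const rejected = [];
  for (const event of events) {
    const problems = checkAuditEvent(event);
    if (problems.length === 0) kept.push(event);
    else rejected.push({ requestId: event.requestId, problems });
  }
  return { kept, rejected };
}

// Constructed samples: a conformant event and one that leaked a prompt body
// (the promptText field name is assumed; it is not a Blekline field).
const GOOD_EVENT = { kind: 'tool_call_enforcement', action: 'mask', entitiesMasked: 3,
  riskTier: 'low', mcpToolName: 'write_file', clientSurface: 'cursor',
  modelProvider: 'anthropic', requestId: '6f1c2d3e-4b5a-4c7d-8e9f-0a1b2c3d4e5f' };
const LEAKED_EVENT = { ...GOOD_EVENT, requestId: '0a1b2c3d-4e5f-4a6b-8c7d-9e0f1a2b3c4d',
  promptText: 'Customer SSN is ...' };
```

Run `filterForExport([GOOD_EVENT, LEAKED_EVENT])` on a batch; only the kept half should reach the downstream system, and the rejected half is itself a signal that the default metadata-only configuration has been changed somewhere.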
Data residency
- SaaS: app.blekline.com, US-based by default.
- EU data residency: available on the enterprise plan. Contact sales with dataResidency=EU.
- Edge sidecar with BLEKLINE_MASK_FAST_PATH=local_only: no data leaves the sidecar.
Encryption and tokens
All API traffic: TLS 1.2+ in transit. Workspace tokens are scoped (mask:write, events:write), rotatable, and never logged in event records. Rotate tokens quarterly — see SSO & deployment hardening checklist.
Certifications
SOC 2 Type II: on the roadmap. Contact enterprise sales for current timeline and to request a security questionnaire.
Third-party eval (LangSmith)
LangSmith receives metadata-only exports when you forward /api/events or OTel labels — not prompt bodies by default. LangSmith is an eval platform, not a SIEM. For compliance archives use Enterprise telemetry.
What Blekline is not
Blekline is a policy-enforced ingress control plane. It is not:
- A WAF or network-level firewall
- A full DLP system (it operates at the MCP call level, not network packet level)
- A SIEM: forward audit events to your SIEM via /api/integrations/siem (Pro+)
- A model output filter: it operates before the model call, not after
This scope boundary is intentional. See Architecture.
Next steps: MCP identity pinning · Enterprise telemetry · EU AI Act mapping