Skip to main content
Untrace Security Light

Overview

Security and privacy are paramount when handling LLM traces that may contain sensitive data. Untrace provides multiple layers of security to protect your AI application data, ensure compliance, and maintain user privacy.

PII Protection

Automatic detection and redaction of sensitive data

Data Encryption

End-to-end encryption for traces in transit and at rest

Access Control

Fine-grained permissions and API key management

Compliance

GDPR, SOC2, HIPAA compliant infrastructure

PII Protection

Automatic PII Detection

Untrace automatically scans LLM traces for personally identifiable information:

Redaction Methods

Choose how sensitive data is handled:

Custom PII Patterns

Define your own sensitive data patterns:

Allowlisting

Specify patterns that should never be redacted:

Data Encryption

Encryption in Transit

All trace data is encrypted during transmission:
  • TLS 1.3: Latest encryption standards
  • Certificate Pinning: Prevent MITM attacks
  • Perfect Forward Secrecy: Protect past sessions
  • HSTS: Enforce HTTPS connections

Encryption at Rest

Trace data is encrypted when stored:
  • AES-256-GCM: Military-grade encryption
  • Key Rotation: Automatic key management
  • HSM Storage: Hardware security modules for keys
  • Encrypted Backups: Secure disaster recovery

Field-Level Encryption

Encrypt specific sensitive fields:

Access Control

API Key Management

Secure API key practices:

Key Rotation

Implement regular key rotation:

Role-Based Access Control

Configure granular permissions:

OAuth Integration

Support for enterprise SSO:

Network Security

IP Allowlisting

Restrict access by IP address:

VPC Peering

Connect securely via private networks:

Rate Limiting

Protect against abuse:

Data Privacy

Data Residency

Control where your data is stored:
Available regions:
  • US: us-east-1, us-west-2
  • EU: eu-west-1, eu-central-1
  • APAC: ap-southeast-1, ap-northeast-1

Data Retention

Configure retention policies:

Right to Erasure

GDPR-compliant data deletion:

Compliance

GDPR Compliance

Untrace helps you meet GDPR requirements:
  • Automatic PII redaction
  • Configurable data collection
  • Field-level exclusion
  • Sampling strategies
  • Explicit data usage policies
  • Purpose-based retention
  • Access controls by purpose
  • Audit trails
  • Right to access (data export)
  • Right to rectification
  • Right to erasure
  • Right to data portability
  • Encryption at rest and in transit
  • Access controls
  • Regular security audits
  • Breach notification

SOC2 Compliance

Our SOC2 Type II certification covers:
  • Security: Encryption, access controls, monitoring
  • Availability: 99.9% uptime SLA, redundancy
  • Processing Integrity: Data validation, error handling
  • Confidentiality: Data classification, encryption
  • Privacy: PII handling, consent management

HIPAA Compliance

For healthcare applications:
Features:
  • Business Associate Agreement (BAA)
  • PHI detection and redaction
  • Audit logging
  • Access controls
  • Encryption standards

Security Monitoring

Audit Logging

Comprehensive security audit trail:

Anomaly Detection

Automatic detection of suspicious activity:

Security Alerts

Real-time security notifications:
  • Failed authentication attempts
  • New IP addresses
  • API key usage anomalies
  • Data export requests

Best Practices

Development Security

  1. Use separate API keys for each environment
  2. Never commit credentials
  3. Use secret management

Production Security

  1. Enable all security features
  2. Regular security reviews
    • Monthly API key rotation
    • Quarterly access reviews
    • Annual security audits
    • Penetration testing
  3. Incident response plan
    • Security team contacts
    • Escalation procedures
    • Communication templates
    • Recovery procedures

Data Handling

  1. Minimize sensitive data in traces
  2. Use structured logging
  3. Implement data classification

Security Checklist

Use this checklist to ensure your Untrace implementation is secure:
  • PII detection enabled in production
  • API keys stored securely (environment variables, secret manager)
  • Separate API keys for each environment
  • IP allowlisting configured for production
  • Field-level encryption for sensitive data
  • Audit logging enabled for compliance
  • Data retention policies configured
  • Access controls properly set up
  • Regular key rotation scheduled
  • Security alerts configured
  • Incident response plan documented
  • Compliance requirements identified and met

Vulnerability Disclosure

Found a security issue? Please report it responsibly:
  1. Email: security@untrace.dev
  2. PGP Key: Available on our website
  3. Response Time: Within 24 hours
  4. Bug Bounty: Available for critical issues
Please do not disclose security vulnerabilities publicly until we’ve had a chance to address them.

Resources

Security Updates

Subscribe to security advisories

Security Whitepaper

Detailed security architecture

Compliance Docs

SOC2, GDPR, HIPAA documentation

Privacy Policy

How we handle your data