Security Overview
Overview
Quotaflow helps teams manage AI compute through a wallet layer that combines key vault controls, approved inference supply, budget policy, activity logging, and route governance across developer tools, agents, APIs, and model families.
The public site describes external-facing controls and review posture. Detailed implementation evidence is shared through enterprise review channels when appropriate.
Access, keys, and route controls
Customer workspaces use authenticated qf keys and approved model routes. Teams can map which applications, agents, workflows, and internal projects may use specific BYOK sources, Quotaflow supply, or locked resources.
- Authenticated qf key access
- Encrypted key vault for provider credentials
- Workspace, team, tool, and agent policy
- Provider, source, and model allowlisting
- Quota, budget, and spend controls
Operational visibility
Quotaflow records operational metadata needed for spend review, SLA review, debugging, and ROI reporting while keeping sensitive prompt content out of normal text usage logs where the configured profile supports that boundary.
- Request identifier
- Wallet key and owner
- Model family and route
- Token usage, latency, status, and estimated cost
- Savings and locked-term attribution
Data protection posture
Quotaflow is designed for customer-controlled provider selection and data boundaries. Customers decide which model providers, jurisdictions, partner routes, retention profiles, and private deployment options are appropriate for their use case.
- No training on customer data
- Zero or limited retention profiles for enterprise workflows
- Encrypted key handling
- Private deployment and dedicated capacity options
- Subprocessor and provider-route review
Enterprise review
For security reviews, procurement questionnaires, SLA requirements, data-flow questions, or Safe Mode configuration, contact the Quotaflow team with your workspace requirements and expected rollout scope.