Security & privacy

Governance without shipping us your prompts.

Most spend and observability tools see everything you send. Outlay is built so the sensitive data physically can't reach us — purpose-built for teams that can't let prompts leave their environment.

  • Your app: prompt + API key
  • Local agent: classifies on your system
  • Outlay: category + token counts + ticket id
  • Anthropic: your key, your prompt

What never leaves your environment

  • Prompt text and model outputs. Classification and routing happen locally; we never receive request or response bodies.
  • Your API keys. Your provider key stays on your side and is used to call Anthropic directly.
  • Customer / PII data. Anything inside a prompt stays inside your boundary.

Our ingestion endpoints reject any payload that contains prompt text, outputs, or secret-looking keys (HTTP 422). The boundary is enforced, not just promised.
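
A reviewer can model the boundary described above as an allowlist check run before anything is sent. This is an added example, not Outlay's code: the field names, the secret pattern and the 200 acceptance code are assumptions, and only the 422 rejection comes from this page.

```python
import re

# Hypothetical schema: these field names are assumptions, not Outlay's wire format.
CATEGORY_RE = re.compile(r"[a-z][a-z0-9_]{0,31}")        # short label, never free text
TICKET_RE = re.compile(r"[A-Z][A-Z0-9]{1,9}-\d{1,7}")     # e.g. PROJ-123
# Assumed notion of "secret-looking": provider-style key prefixes and PEM private keys.
SECRET_RE = re.compile(r"sk-[A-Za-z0-9_-]{16,}|-----BEGIN [A-Z ]*PRIVATE KEY-----")
MONEY_FIELDS = ("cost_usd", "savings_usd")
ALLOWED = {"category", "features", "ticket_id", *MONEY_FIELDS}


def violations(payload):
    """Return the reasons to reject a payload; an empty list means metadata only."""
    if not isinstance(payload, dict):
        return ["payload is not a JSON object"]
    out = []
    # Scan the whole payload, nested values included, for secret-looking strings.
    if SECRET_RE.search(repr(payload)):
        out.append("secret-looking value present")
    # Allowlist, not denylist: a field named "prompt" or "output" is simply unknown.
    out += [f"unknown field: {k}" for k in sorted(set(payload) - ALLOWED)]
    cat, ticket = payload.get("category"), payload.get("ticket_id")
    if not (isinstance(cat, str) and CATEGORY_RE.fullmatch(cat)):
        out.append("category is not a short label")
    if not (isinstance(ticket, str) and TICKET_RE.fullmatch(ticket)):
        out.append("ticket_id is not an identifier")
    feats = payload.get("features", {})
    if not isinstance(feats, dict):
        out.append("features is not an object")
    else:
        # Features may only be numbers or flags, so text cannot ride along.
        out += [f"non-numeric feature: {k}" for k, v in feats.items()
                if not isinstance(v, (int, float))]
    # type() rather than isinstance(): bool is an int subclass and is not money.
    out += [f"{k} is not a number" for k in MONEY_FIELDS
            if k in payload and type(payload[k]) not in (int, float)]
    return out


def ingest_status(payload):
    # 422 is the rejection code this page states; 200 for acceptance is an assumption.
    return 422 if violations(payload) else 200


# Constructed samples, not real traffic.
GOOD = {"category": "code_review", "ticket_id": "PROJ-123",
        "features": {"input_tokens": 1840, "output_tokens": 212, "has_tools": True},
        "cost_usd": 0.0131, "savings_usd": 0.004}
LEAKY = dict(GOOD, prompt="Summarise the attached customer record")
KEYED = dict(GOOD, category="sk-ant-CONSTRUCTEDEXAMPLE0000")
```

Because every string field is pinned to a tight pattern and everything else must be numeric, free text has no field to travel in, which is a stronger property than scanning for words that look like a prompt.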

What we do see — metadata only

To attribute spend to work and to route safely, Outlay receives a small, non-sensitive set of metadata:

  • A task category and numeric features (token counts, flags).
  • The ticket / branch identifier the work belongs to (e.g. PROJ-123).
  • Per-request cost and savings figures, as dollars and counts — never content.

Architecture: the IP is server-side, your data is client-side

The piece that runs in your environment is a thin, inspectable client — it does local classification and tagging and carries no proprietary routing logic. The decision engine and the attribution model run on our side and only ever see metadata. You can read exactly what the client sends; you never have to trust a black box with your prompts.

The optimization engine fails open

When you turn on the optional optimization engine, it sits in your request path — and it is built to never block a request. If our routing service is unreachable, traffic passes straight through to Anthropic, unrouted. We can degrade your savings; we can't degrade your uptime. A model downgrade only ever happens after it's been proven non-inferior on your own work (shadow → quality canary).

Data handling, isolation & exit

  • Per-deployment isolation — your metadata is scoped to your deployment.
  • Deletion on request — during a design-partner pilot, your data is deleted at the end on request.
  • Leave anytime — it's your key and your traffic; removing Outlay restores the unrouted path.

Outlay is early and onboarding design partners. We're happy to walk a security reviewer through the data-flow boundary in detail and to support a mutual NDA — just reach out.