Security and Privacy

The shipped Cloud Proxy flow is a managed forward-proxy and subject-metering surface. It authenticates proxy traffic with an org key plus a per-device user email, forwards the connection, and updates the Cloud Proxy setup and subject meter in Flowstate.

It is not the same as Agent Enterprise capture. In the shipped Cloud Proxy network mode, Flowstate does not store prompt bodies, response bodies, attachments, vendor cookies, or vendor API keys from the encrypted provider connection.

Authentication Data

The generated proxy URL uses HTTP Basic Auth:

    https://<user-email>:<org-key>@ai.flowstate.inc

| Field | Purpose |
| --- | --- |
| User email | Identifies the subject for the subject meter. Your MDM fills this per device or per signed-in user. |
| Org key | Authenticates the organisation. It is provisioned once and stored in your MDM secret store. |
| Key prefix | Displayed in Flowstate so admins can tell which active key is deployed. |

The cleartext org key is shown once at provisioning time. Flowstate stores the key material in the same hashed/secret-handling path as other telemetry keys; the customer-facing UI shows only the prefix after creation.

Traffic Data Stored

The customer-visible Cloud Proxy data model stores rollout and metering state:

| Data | Where it appears |
| --- | --- |
| Setup status | Not configured, Pending, or Active on the connection status card. |
| First and last seen timestamps | Connection status card. |
| Subject request totals | Current-month subject meter. |
| Subject quota and overage units | Current-month subject meter. |
| Key lifecycle events | Telemetry-key audit trail. |

Provider invoice data is not created by the Cloud Proxy meter. Connect provider billing APIs at Usage providers for invoice reconciliation.

Data Not Stored by Cloud Proxy Network Mode

In the shipped network-proxy flow, Flowstate does not store:

  • prompt text;
  • response text;
  • files or attachments sent to AI tools;
  • vendor Authorization headers or API keys;
  • vendor cookies;
  • raw TLS payloads inside the proxied provider connection.

If your governance program needs prompt inspection, content DLP, prompt-quality scoring, or a prompt audit trail, deploy the Flowstate Agent and choose the appropriate Telemetry vs Enterprise capture mode.

DLP and Enforcement

Content DLP and request-time policy blocking depend on traffic that Flowstate can inspect. The shipped Cloud Proxy network mode is for routing and metering, so it does not by itself feed prompt-body DLP or Agent enforcement.

Policy authoring still lives at Governance -> Policy and enforcement. Enforcement for managed endpoint traffic is handled by the Flowstate Agent enforcement flow.

Retention and Deletion

The Cloud Proxy setup page renders live setup state, telemetry-key metadata, and current-month subject meter snapshots. These records follow the same organisation-scoped retention, audit, and deletion controls as the rest of Flowstate's settings and telemetry-key data.

Subject-level deletion removes or anonymises Flowstate records associated with that subject according to your organisation's standard data-retention process. Because shipped Cloud Proxy network mode does not store prompt or response bodies, there is no Cloud Proxy prompt corpus to delete.

Operational Privacy Commitments

  • Store the org key in an MDM secret variable, not in plaintext scripts or shared documents.
  • Keep the MDM user-email placeholder intact so attribution stays per subject.
  • Rotate the org key from the Cloud Proxy page if the secret is exposed.
  • Use the Flowstate Agent for full capture only after your organisation has the appropriate employee notice, consent, and data-processing basis.
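
An added example, not part of Flowstate's documentation or tooling: a Python check that scans deployment scripts for the proxy URL format shown under Authentication Data and flags any that carry a literal org key instead of an MDM placeholder, reporting only a key prefix so the affected key can be identified and rotated. The placeholder syntaxes, the 8-character prefix length, the variable names and the sample key are assumptions.

```python
import re
from urllib.parse import unquote

# Proxy URL shape from the page: https://<user-email>:<org-key>@ai.flowstate.inc
# The email's "@" may appear raw or percent-encoded (%40) in the userinfo part.
PROXY_URL = re.compile(
    r"https://(?P<user>[^\s:/]+):(?P<key>[^\s@/]+)@ai\.flowstate\.inc", re.IGNORECASE
)
# Assumed placeholder syntaxes (MDM products differ): $VAR, ${VAR}, {{var}}, %VAR%, <var>
PLACEHOLDER = re.compile(r"^(\$\w+|\$\{[^}]+\}|\{\{[^}]+\}\}|%\w+%|<[^>]+>)$")
PREFIX_LEN = 8  # assumption: the page does not state the displayed prefix length


def find_embedded_org_keys(text, source="<input>"):
    """Return one finding per proxy URL whose org-key field is a literal value."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in PROXY_URL.finditer(line):
            raw_user, raw_key = m.group("user"), m.group("key")
            if PLACEHOLDER.match(raw_key):
                continue  # key is injected at deploy time; nothing secret in the file
            findings.append({
                "source": source,
                "line": lineno,
                # Never echo the full key; the prefix is enough to find it in the UI.
                "key_prefix": unquote(raw_key)[:PREFIX_LEN],
                # A literal email means attribution is pinned to one subject.
                "user_is_literal": not PLACEHOLDER.match(raw_user),
            })
    return findings


# Constructed sample input: variable names and key value are hypothetical.
SAMPLE = """\
# MDM shell profile fragments
export HTTPS_PROXY="https://${USER_EMAIL}:${FLOWSTATE_ORG_KEY}@ai.flowstate.inc"
export HTTPS_PROXY="https://alice%40example.com:EXAMPLEKEY0123456789@ai.flowstate.inc"
export HTTPS_PROXY="https://{{user.email}}:EXAMPLEKEY0123456789@ai.flowstate.inc"
"""

if __name__ == "__main__":
    for finding in find_embedded_org_keys(SAMPLE, "profile.sh"):
        print(finding)
```

A finding with `user_is_literal` set also means the user-email placeholder was replaced, so every device using that file would be metered as the same subject.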