Enterprise Security

Enterprise-grade security with complete data control

Your code and data never leave your infrastructure. SOC 2 Type II certified, GDPR compliant, HIPAA ready. Meet the strictest compliance standards with granular access controls.

Contact Security Team Shared Responsibility Model

SOC 2 Type II

Get report

GDPR Compliant

Learn more

HIPAA Ready

Annual Pen Testing

Bug bounty

Hybrid architecture

Your code and data never leave your infrastructure

Separation of orchestration and execution means Prefect Cloud coordinates workflows without ever accessing your code or data. Workers poll via outbound-only connections—no inbound access to your network required.

No code or data egress from your environment

Deploy on Kubernetes, ECS, Docker, or serverless

Workers poll for work—no inbound network access

Learn about hybrid execution

Prefect Cloud

Your Network

Control Plane

Metadata

Workers

Data

Prefect Cloud hosts the Control Plane & Metadata. You host execution & data.

Access controls

Granular permissions and enterprise governance

Control who can access what with role-based access control, team management, and directory sync. Secure your workflows while keeping code and data in your infrastructure.

Object-level permissions for fine-grained control

Service accounts for automation

Multi-factor authentication required

View enterprise features

Role-based access control (RBAC)

SSO (SAML 2.0 / OIDC)

Directory Sync (SCIM)

Audit logs with retention

IP allowlisting

Infrastructure security

Industry-standard encryption and infrastructure

All data encrypted in transit and at rest with industry best-practice algorithms. High availability configuration across multiple availability zones with annual penetration testing and disaster recovery simulations.

Annual third-party penetration testing

Continuous vulnerability monitoring

Annual disaster recovery simulations

Encryption

TLS 1.2+ enforced

Data encrypted at rest

Workspace-unique encryption keys

Infrastructure

GCP us-east1 (primary)

AWS us-east-1 (execution)

Multi-AZ high availability

Flexible execution models

Choose the deployment pattern that fits your security requirements

Recommended

Hybrid Execution

Prefect Cloud coordinates workflows while execution happens in your infrastructure. No code or data leaves your environment.

Outbound-only connections

Deploy anywhere: K8s, ECS, Docker

Complete data control

Serverless

Push Execution

Prefect Cloud provisions infrastructure on-demand in your cloud account with limited service account permissions.

Google Cloud Run support

Runs in your GCP project

Scoped service accounts

Fully managed

Managed Execution

Prefect Cloud executes workflows on managed infrastructure. Requires providing workflow source code.

Zero infrastructure management

Instant execution

Code sharing required

What data does Prefect store?

Complete transparency on data handling

Metadata stored by Prefect Cloud

Required for orchestration coordination

•Flow and task parameter names
•Flow parameter values (not task parameter values)
•Workflow logs (can be disabled)
•Configuration blocks (encrypted per-workspace)

Data that stays in your infrastructure

Prefect Cloud never accesses

Workflow source code
Task parameter values and execution data
Customer data processed by workflows
Secrets and credentials

Enterprise security features

Built for regulated industries

SOC 2 Type II certified

Independently audited security controls proving commitment to data protection and operational excellence.

End-to-end encryption

TLS 1.2+ for data in transit. Industry-standard encryption for data at rest with workspace-unique keys.

Granular RBAC

Object-level permissions and role-based access control. Control exactly who can access what.

Compliance ready

GDPR compliant and HIPAA ready. Designed for healthcare, finance, and regulated industries.

Audit logs & retention

Complete audit trail of all actions with configurable retention. Track who did what and when.

SSO & directory sync

SAML 2.0 and OIDC single sign-on. Automatic user provisioning with SCIM directory sync.

Security policies & practices

Continuous security improvement

System Access

Least privilege access to all systems
Quarterly access audits on critical systems
SSO enforcement where possible
Multi-factor authentication required

Monitoring & Testing

Annual third-party penetration testing
Continuous vulnerability monitoring
Annual disaster recovery simulations
Bug bounty program

Security resources

Documentation and policies

Shared Responsibility Model

Understand security responsibilities between Prefect and customers

GDPR Compliance

Learn about our GDPR compliance measures and data protection

Sub-Processors

View the list of third-party service providers we use

Bug Bounty Program

Report security vulnerabilities responsibly

Questions about security?

Our security team is here to help. Contact us about enterprise security requirements, compliance documentation, or to request our SOC 2 Type II report.

Contact Security Team View Documentation