Data + permissions
What GreyScape.ai collects, why, and what each piece unlocks.
Every data feed that powers shadow AI discovery and AI budget control on GreyScape.ai, with two columns: is it required to run the product, and what functionality does it switch on. We never collect data we don't use, and we're explicit about what we deliberately don't see.
Where your data lives
GreyScape.ai is a fully hosted multi-tenant SaaS — we operate the platform on your behalf. You don't deploy or maintain any infrastructure. The entries below describe how your tenant's data is stored, protected, and recovered.
Where your tenant data lives
Source: GreyScape.ai managed Postgres, hosted on Railway (EU region by default; US region available on request)
What we don't see from this source: Other tenants' data. Your data is never co-mingled across customers; every read is scoped to your tenant_id. Row-level security policies enforce this at the database engine in Wave 3.0.
Backups + recovery
Source: Railway daily Postgres snapshots, retained 7 days; point-in-time recovery to any moment within the retention window.
What we don't see from this source: Backups are encrypted at rest and accessible only to GreyScape.ai operators. We never share or extract their contents across tenants.
Encryption at rest + in transit
Source: Postgres-on-disk encryption (managed by Railway); TLS 1.3 for every connection; AES-256-GCM envelope on every stored provider credential.
AI provider data (ingestion)
Per provider — connect each one you use. One key per organisation, not per user.
OpenAI admin API key
Source: Generated in your OpenAI admin console (organisation-level sk-admin- key)
What we don't see from this source: Prompts, responses, training data, model weights, or anything in the request body. We only read usage metadata.
Anthropic admin API key
Source: Generated in your Anthropic admin console (sk-ant-admin01- key)
What we don't see from this source: Prompts, responses, training data, or anything in the request body. We only read usage metadata.
Azure OpenAI subscription scope
Source: Azure Cost Management API + Application Insights workspace ID
AWS Bedrock account access
Source: Cost Explorer + CloudWatch read-only IAM role
Google Vertex AI billing export
Source: BigQuery billing export dataset
Users + teams
What turns api-key-level spend into per-employee, per-team attribution.
Employee directory (name, email, team, manager)
Source: Your identity provider via WorkOS-mediated SCIM — Okta, Entra ID, Google Workspace, Rippling
What we don't see from this source: Personal identifying data outside name/email/team/manager. We don't read HR records, salary, performance, or anything else from the directory.
AI workload conversations (the scoping chat)
Source: The requester typing into /request/[token] or /calculator chat
What we don't see from this source: The conversation only contains what the user types into the advisor — it never sees their actual production prompts or data.
Shadow-AI detection (additive)
Each source independently increases your shadow-AI surface coverage. Stack as many as you can.
Expense card transactions (Brex, Ramp, Expensify)
Source: API token from the expense system
What we don't see from this source: Non-AI transactions. We filter on a vendor allowlist of ~200 known AI tools.
SaaS-management inventory (Productiv, Zylo)
Source: API token from the SaaS-management platform
Network / secure web gateway logs (Zscaler, Cloudflare Gateway, Cisco Umbrella)
Source: API access to your gateway's log export
What we don't see from this source: Page bodies, headers, or non-AI traffic. We filter on a curated list of ~150 AI-tool domains.
MDM device inventory (Jamf, Microsoft Intune)
Source: API token from the MDM
What we don't see from this source: Non-AI software inventory. We filter on a known AI-tool app list.
Code repository admin access (GitHub Enterprise, GitLab)
Source: GitHub App or PAT with org admin read
What we don't see from this source: Source code content beyond the specific patterns we scan for (key signatures, import statements, model IDs).
Identity provider event hooks (Okta, Entra ID)
Source: Outbound webhook on app-assignment / new-signup events
AI gateway + DLP
Active controls — inspect, redact, and enforce policy on every AI API call.
Cloudflare AI Gateway endpoint
Source: Cloudflare account with AI Gateway enabled — used as proxy in front of each AI provider
What we don't see from this source: GreyScape.ai itself never sees the redacted prompt content; redaction happens at the Cloudflare edge.
Microsoft Purview DLP catalogue
Source: Purview API tenant + service principal
Notifications + alerts
Where alerts go. All silent no-ops if absent.
Admin notification email + transactional email key
Source: You configure your transactional email provider key and admin notify email
Slack incoming webhook URL
Source: Created in your Slack workspace settings
Compliance + policy
Org-wide constraints applied at the recommendation layer and (coming soon) at the network edge.
Approved-models policy
Source: You configure via /settings/policies
AI vendor risk metadata
Source: Maintained by GreyScape.ai, updated quarterly per vendor
Tamper-evident audit log signing
Source: Cryptographic chaining of each audit record to the previous one
What we never collect
- The text of your prompts. The OpenAI / Anthropic admin usage endpoints expose tokens and cost — not the content of the calls.
- Model responses or completions.
- Source code beyond pattern matching for leaked keys, AI SDK imports, and model identifiers.
- Document contents from any drive, repo, or storage system.
- Mailbox contents. We can be configured to send emails via Resend; we never read inbound mail.
- Personal identifying data outside name / email / team / manager from your directory.
- Non-AI SaaS spend. We're focused on AI; general SaaS belongs in tools like Zylo or Productiv (which we read from, not duplicate).
ENCRYPTION_KEY — even GreyScape.ai engineering cannot read your keys.