Security & Trust

Govern AI spend without
storing prompts or responses.

CapHound gives teams governance, auditability, and control using only the metadata a spend decision requires — never the content of a request.

Prompt-safe by design

We see the cost of a request. Never its contents.

Governing spend doesn't require reading prompts. CapHound records the metadata that makes a decision possible — and nothing a user or model actually wrote.

What CapHound records

  • provider & model
  • team, feature, customer
  • token counts
  • calculated cost
  • policy decision & reason
  • timestamp

What CapHound never touches

  • prompt text
  • response text
  • system prompts
  • message content
  • embeddings input
  • anything a user typed

A design constraint, not a setting you toggle. There is no code path that writes prompt or response content.

Built for the security team that has to sign off.

The controls a procurement review asks about — handled the way you'd expect of production infrastructure.

Data handling

CapHound runs on the metadata needed for spend governance — provider, model, team, feature, customer, cost, and policy decisions. Prompt and response content are never collected, stored, or logged. A design constraint, not a configuration option.

Access control

Role-based access across every workspace resource. Admins configure governance rules and manage access. Members view spend and respond to alerts within scope. Read-only viewer access is available for finance and executive stakeholders.

Auditability

Every decision CapHound makes is written to an immutable audit trail — what was evaluated, which policy applied, what action was taken, and when. The complete history of AI spend decisions is reviewable at any time.

Tenant isolation

Workspace-level data isolation, enforced independently of the application layer. Spend data, governance rules, audit trails, and connected workflows are scoped to the workspace and inaccessible to other tenants.

Enterprise review

CapHound supports security review for enterprise procurement. SOC 2 Type I audit is available on contract, alongside documentation on data handling, access control, and governance architecture for your security team.

Deployment options

Teams with specific infrastructure or compliance requirements can discuss deployment options during onboarding. We work to find the configuration that fits your security posture and governance requirements.

SOC 2 Type I — audit available on contractFOCUS 1.0 conformant exportsRole-based access controlWorkspace tenant isolation

Need security documentation?

We support security review for enterprise procurement — documentation on data handling, access control, the audit trail, and deployment architecture.

Request security details