No Raw Payload Storage
The Spctre decision gateway evaluates contextual metadata. We do not store raw agent prompts, LLM completion payloads, or application database variables, keeping your primary IP entirely isolated.
Privacy Policy. Built for high-trust agent environments.
Last updated: May 22, 2026. This policy details how Ciwrl Technologies LLC d/b/a Spctre handles telemetry, rule configurations, and operational audit trails for autonomous agent systems.
Data Scope
Metadata focused
Information captured for agent governance
Spctre is operated by Ciwrl Technologies LLC d/b/a Spctre. Spctre operates as a control plane for policy enforcement. To author, simulate, and verify policy decisions, we process the minimum necessary operational metadata:
Workspace & Organization Data
We collect profile data including your email, name, organization name, and workspace configurations required to manage administrative access, SAML/SCIM settings, and API authentication.
Policy Rules & Bundles
When you author and compile policy rules, we store the policy source code, environment scopes, change histories, pull requests, reviewer credentials, and cryptographic bundle hashes.
Agent Operational Traces
For each evaluated decision, we record the agent's identity, the target connector (e.g., Stripe, GitHub), the requested action (e.g., refund.create), the system environment, the policy decision outcome (ALLOW, DENY, REVIEW), and execution latency.
Minimization
Payload isolated
Telemetry boundaries and payload protection
Local SDK Resolution
Whenever possible, policy enforcement rules are resolved locally within your runtime environment using our AGT-compatible SDKs, sending only execution hashes and status states back to the control plane.
Dynamic PII Masking
Our gateway supports standard regex-based redaction patterns, ensuring that identifiers (such as credit cards or SSNs) present in tool names or transaction arguments are masked prior to being logged.
Operations
Internal only
How operational data is utilized
Spctre uses operational data exclusively to deliver, maintain, and optimize the policy control plane. This includes:
Simulation Projections
Historical event headers are processed to simulate how a proposed policy modification would have changed decisions in the past, allowing you to dry-run rules safely.
Durable Audit Trails
Durable chains of custody are created to let compliance officers inspect which policy bundles allowed or blocked an action, when review requests were resolved, and by whom.
Operational Metrics
Calculating execution latencies, rate-limit thresholds, and workspace volume stats to guarantee that Spctre gateways meet the high-availability demands of autonomous system architectures.
Ledger Retention
Archival & Erasure Posture
- System logs are retained for a default of 90 days unless custom workspace rules apply.
- Cryptographic policy bundle histories are preserved indefinitely to maintain audit chain validation.
- Tenant database records can be fully purged within 30 days of workspace termination.
- Redaction filters can be programmatically forced at the SDK border to prevent accidental transmission of private tokens.
Your Controls
Privacy settings and parameters
- Toggle local evaluation versus gateway transmission directly inside the AGT daemon configs.
- Designate specific environments (e.g., development workspaces) to operate on completely ephemeral logs.
- Restrict administrator permission scopes using granular role-based access control (RBAC).
- Export complete trace data in structured JSON format anytime via administrative endpoints.