Where does my customer data live?+
In your environment. The proxy runs wherever you own infrastructure (cloud, on-prem, or air-gapped), behind your network controls, with credentials you supply. Query content, row values, and PII never leave the perimeter. The control plane only sees metadata: counts, top names, latency percentiles, policy configuration.
What does the control plane actually see?+
Telemetry rollups (counts of requests by agent + source + outcome, top denials, top edges, latency percentiles) plus policy configuration the operator authored. No queries, no row content, no PII, no row counts that could correlate back to specific customers. The wire contract is documented in the security page; the rollup format is checked in tests.
Is the audit log tamper-evident?+
Yes. Every audit row is hash-chained: each record carries a SHA-256 of the previous record, so any modification or deletion downstream of a row breaks the chain and the next integrity check fails closed. The retention cron is the only code path with permission to delete, and it runs with an explicit per-transaction GUC that the audit-table triggers verify before allowing the delete.
Do you use LLMs anywhere in the governance decision?+
No. Policy decisions, trust scoring, anomaly detection, threat correlation, and recommendations are deterministic. Every decision traces back to a rule, threshold, or policy line. We use LLMs nowhere in the path that says yes or no to a request.
How does DataDam handle PII?+
Two paths. For sources with an active data contract, columns tagged pii.email or pii.phone get masked through the contract's declared mode (generalize / redact / hash / tokenize) before the response leaves the proxy. For sources without a contract, runtime PII detection runs inline as a fallback and covers 200+ entity types across seven recognizer packs (secrets, country IDs, healthcare, financial, network, crypto wallets, vehicle and asset identifiers), masking detected spans through the same mask machinery. Both paths run inside your environment.
What compliance frameworks does DataDam support?+
Eight frameworks ship as policy templates that set trust thresholds, mask defaults, and audit retention to framework-aligned values: HIPAA, SOC 2, FINRA, GDPR (and UK GDPR), CCPA + CPRA, DPDP Act 2023, LGPD, and PIPEDA. Evidence endpoints export the audit rollups and policy change log in CSV or JSON for auditor delivery. The templates help you meet your obligations; DataDam itself is not yet audited or attested to any framework (we will update when that is real, not before).
How do you secure third-party MCP servers like GitHub, Slack, or internal tools?+
The gateway hardens MCP traffic, it does not just route it, and the controls map to the risks in NSA's Cybersecurity Information Sheet on the Model Context Protocol (U/OO/6030316-26). Tool results are sanitized before the agent reads them, so a poisoned issue or message cannot inject instructions. Every upstream tool is fingerprinted and pinned to an operator-approved baseline, so a server that swaps a trusted tool for a malicious one (the rug-pull) is withheld until you re-approve. Per-agent rate limits throttle a runaway or compromised agent at the gateway. Stdio servers run in a filesystem and network sandbox with an explicit allowlist. DataDam is not endorsed by NSA; we implement defenses for the failure modes the guidance describes.