© Copyright 2026 Prefect Technologies, Inc. All rights reserved.

Enterprise Security

Enterprise-grade security with complete data control

Your code and data never leave your infrastructure. SOC 2 Type II certified, GDPR compliant, HIPAA ready. Meet the strictest compliance standards with granular access controls.

SOC 2 Type II

GDPR Compliant

HIPAA Ready

Annual Pen Testing

Bug bounty

Hybrid architecture

Your code and data never leave your infrastructure

Separation of orchestration and execution means Prefect Cloud coordinates workflows without ever accessing your code or data. Workers poll via outbound-only connections—no inbound access to your network required.

No code or data egress from your environment

Deploy on Kubernetes, ECS, Docker, or serverless

Workers poll for work—no inbound network access

[Diagram: Prefect Cloud (Control Plane, Metadata) and Your Network (Workers, Data)]

Prefect Cloud hosts the Control Plane & Metadata. You host execution & data.

Access controls

Granular permissions and enterprise governance

Control who can access what with role-based access control, team management, and directory sync. Secure your workflows while keeping code and data in your infrastructure.

Object-level permissions for fine-grained control

Service accounts for automation

Multi-factor authentication required

Role-based access control (RBAC)
SSO (SAML 2.0 / OIDC)
Directory Sync (SCIM)
Audit logs with retention
IP allowlisting

Infrastructure security

Industry-standard encryption and infrastructure

All data encrypted in transit and at rest with industry best-practice algorithms. High availability configuration across multiple availability zones with annual penetration testing and disaster recovery simulations.

Annual third-party penetration testing

Continuous vulnerability monitoring

Annual disaster recovery simulations

Encryption

TLS 1.2+ enforced
Data encrypted at rest
Workspace-unique encryption keys

Infrastructure

GCP us-east1 (primary)
AWS us-east-1 (execution)
Multi-AZ high availability

Flexible execution models

Choose the deployment pattern that fits your security requirements

Recommended

Hybrid Execution

Prefect Cloud coordinates workflows while execution happens in your infrastructure. No code or data leaves your environment.

Outbound-only connections
Deploy anywhere: K8s, ECS, Docker
Complete data control

Serverless

Push Execution

Prefect Cloud provisions infrastructure on-demand in your cloud account with limited service account permissions.

Google Cloud Run support
Runs in your GCP project
Scoped service accounts

Fully managed

Managed Execution

Prefect Cloud executes workflows on managed infrastructure. Requires providing workflow source code.

Zero infrastructure management
Instant execution
Code sharing required

What data does Prefect store?

Complete transparency on data handling

Metadata stored by Prefect Cloud

Required for orchestration coordination

  • Flow and task parameter names
  • Flow parameter values (not task parameter values)
  • Workflow logs (can be disabled)
  • Configuration blocks (encrypted per-workspace)

Data that stays in your infrastructure

Prefect Cloud never accesses

  • Workflow source code
  • Task parameter values and execution data
  • Customer data processed by workflows
  • Secrets and credentials

Enterprise security features

Built for regulated industries

SOC 2 Type II certified

Independently audited security controls proving commitment to data protection and operational excellence.

End-to-end encryption

TLS 1.2+ for data in transit. Industry-standard encryption for data at rest with workspace-unique keys.

Granular RBAC

Object-level permissions and role-based access control. Control exactly who can access what.

Compliance ready

GDPR compliant and HIPAA ready. Designed for healthcare, finance, and regulated industries.

Audit logs & retention

Complete audit trail of all actions with configurable retention. Track who did what and when.

SSO & directory sync

SAML 2.0 and OIDC single sign-on. Automatic user provisioning with SCIM directory sync.

Security policies & practices

Continuous security improvement

System Access

  • Least privilege access to all systems
  • Quarterly access audits on critical systems
  • SSO enforcement where possible
  • Multi-factor authentication required

Monitoring & Testing

  • Annual third-party penetration testing
  • Continuous vulnerability monitoring
  • Annual disaster recovery simulations
  • Bug bounty program

Security resources

Documentation and policies

Shared Responsibility Model

Understand security responsibilities between Prefect and customers

GDPR Compliance

Learn about our GDPR compliance measures and data protection

Sub-Processors

View the list of third-party service providers we use

Bug Bounty Program

Report security vulnerabilities responsibly

Questions about security?

Our security team is here to help. Contact us about enterprise security requirements, compliance documentation, or to request our SOC 2 Type II report.
