Data Flow

What is decrypted, logged, and stored in each of the four traffic modes.

1. Purpose and scope

[PLACEHOLDER. Paste Section 1 from sec-data-flow-external-release.md, ending on "In every mode except Static inbound, the proxy does not decrypt the customer's application payload."]

2. Traffic data flow

[PLACEHOLDER. Paste Section 2 intro line.]

Shield inbound

[PLACEHOLDER. Paste the Shield inbound bullet.]
Diagram of QG Shield inbound requests: HTTPS traffic routed by SNI through the Shield proxy without TLS termination, to an allow-listed trusted IP.
Shield inbound: SSL passthrough, routed by SNI, never decrypted.

Shield outbound

[PLACEHOLDER. Paste the Shield outbound bullet.]
Diagram of QG Shield outbound requests: encrypted CONNECT wrapper terminated for authentication and routing; the inner TLS session to the destination is not decrypted.
Shield outbound: outer wrapper terminated for auth and routing; inner session never decrypted.

Static outbound

[PLACEHOLDER. Paste the Static outbound bullet.]
Diagram of QG Static outbound requests: unencrypted CONNECT wrapper read at the proxy hop; customer payload to the destination stays end-to-end encrypted over HTTPS.
Static outbound: plaintext CONNECT wrapper; HTTPS payload stays end-to-end encrypted.

Static inbound

[PLACEHOLDER. Paste the Static inbound bullet. This is the one mode where QuotaGuard decrypts, by design; do not soften it.]
Diagram of QG Static inbound requests: TLS terminated at the proxy with a QuotaGuard or customer certificate, routed at the HTTP layer, re-encrypted to the destination.
Static inbound: SSL termination at the proxy, by design.

3. What is logged, and where it is stored

[PLACEHOLDER. Paste Section 3: connection metadata / account and billing / runtime cache bullets, including the corrected Redis description.]

4. What is not in the customer traffic path

[PLACEHOLDER. Paste Section 4, link "subprocessor list" to /security/subprocessors.]

5. Infrastructure and regions

[PLACEHOLDER. Paste Section 5. The HIPAA Eligible Services sentence is scoped to Shield traffic; keep that word.]

6. Encryption by product and direction

| Scenario | Customer-to-proxy connection | Proxy decrypts customer payload? | URL logged? |
| --- | --- | --- | --- |
| Shield inbound | [PLACEHOLDER] | [PLACEHOLDER] | [PLACEHOLDER] |
| Shield outbound | [PLACEHOLDER] | [PLACEHOLDER] | [PLACEHOLDER] |
| Static outbound | [PLACEHOLDER] | [PLACEHOLDER] | [PLACEHOLDER] |
| Static inbound | [PLACEHOLDER] | [PLACEHOLDER] | [PLACEHOLDER] |
[PLACEHOLDER. Fill the table cells from the Section 6 table in the release copy, then paste the closing diagram-set sentence here.]

7. Governance

[PLACEHOLDER. Paste Section 7.]