How Isofold Handles Data
Isofold is designed to operate without retaining any sensitive data. It processes SQL queries in transit and guarantees that:- Query results are never stored
- Sensitive input is not logged
- All computation happens in-memory or in a configured warehouse
Query Lifecycle
Each query follows this lifecycle:- Ingress The query arrives at the Isofold proxy via HTTP, JDBC, or native wire protocol.
- Rewrite Phase The SQL is parsed, transformed, and optionally verified.
- Execution Phase The rewritten query is sent to your data warehouse. Results are streamed back directly to the client.
- Egress The original query and its result are discarded unless verification mode is enabled.
Logging & Redaction
By default, Isofold logs only the following:- Query fingerprint (e.g. hashed SELECT pattern)
- Warehouse used
- Execution metadata (latency, cost, rewrite path)
- High-entropy trace ID
We strongly advise against enabling full SQL logging in production environments.
Data Residency
- Hosted mode: All query processing occurs in transit, at the Fly.io edge region nearest to the client.
- Self-hosted mode: Data never leaves your environment. Isofold can run inside the same region or VPC as your warehouse.
Supported Isolation Levels
Deployment Mode | Data Retention | TLS Required | VPC Integration | Logging Scope |
---|---|---|---|---|
Hosted (Default) | None | Yes | ✕ | Fingerprints only |
Self-hosted (VPC) | None | Optional | ✓ | Configurable |
Debug Mode | Optional | Yes | ✓ / ✕ | Full query + result |
Next: View the Security Network Diagram