Skip to content

Core concepts

Opaque provides a secure environment for working with sensitive data—enabling teams to collaborate, analyze, and contribute to AI workflows without ever exposing raw data. As a user, you work within a workspace—an isolated, protected environment dedicated to a specific task or stage in your organization’s broader data or AI pipeline.

Opaque workflow

Workspaces

Each workspace supports a focused workflow. For example, one team may format incoming datasets, while another team trains models or investigates outcomes—each operating independently within their own secure environment. This separation helps enforce data access boundaries while supporting collaboration across teams. Depending on your AI workflow, you can have as many workspaces as you need.

Data

When data is brought into Opaque, it is encrypted immediately and remains protected throughout its lifecycle—including during processing. At the same time, Opaque automatically generates synthetic test data—a non-sensitive version of the dataset that retains the same structure and statistical properties but contains no real personally identifiable information (PII). Depending on your workflow, this synthetic data can be used during job development to safely prototype queries, format logic, or test new workflows—without ever accessing the underlying sensitive data.

Jobs

To process data, you create jobs—scripts that analyze or transform encrypted datasets. These can be written in Python (PySpark) or PySpark SQL and developed entirely using synthetic data. This allows you to test and refine jobs. Once reviewed and approved by all workspace members, jobs can be executed on real encrypted production data without ever decrypting it.

Audit logs

Every action in Opaque is recorded in a cryptographically signed audit trail, ensuring full transparency and accountability. This includes job execution, data access, and data deletion—each event verifiable and tamper-proof. Audit logs support compliance efforts and give organizations confidence that sensitive data is being used responsibly.

Roles

Access to data and actions within the platform is governed by role-based access control (RBAC). Users are assigned specific roles—such as organization admin, workspace admin, or workspace member—which determine what they can see and do. This ensures that teams only access the workspaces and data they’re authorized to handle, and that sensitive workflows are protected by clearly defined boundaries.

Bringing it all together

In short, Opaque enables secure, multi-team collaboration across AI workflows:

  • Teams work in isolated workspaces assigned to specific tasks.
  • Synthetic data supports safe development and testing.
  • Real data remains encrypted at every stage, including during analysis.
  • All actions are logged for accountability and compliance.
  • Access is tightly controlled by roles, from organization-wide to workspace-specific.

With Opaque, your organization can unlock insights from sensitive data while maintaining privacy, security, and control at every step.

Next steps