Core concepts
Opaque provides a secure, governed environment for working with sensitive data. Whether you're analyzing datasets or building autonomous workflows, everything happens inside protected workspaces—purpose-built to preserve privacy, enforce policy, and ensure compliance throughout the entire lifecycle. Here are the foundational concepts that shape how Opaque works.
Overview of the Opaque workflow.
Workspaces
Everything in Opaque happens inside a workspace. A workspace is a secure, isolated environment tailored to a specific task or stage in your data or AI pipeline. Each workspace supports a focused workflow. For example, one team may format incoming datasets, while another trains models, investigates outcomes, or builds AI agents to answer domain-specific questions—all operating independently within their own secure environment. Opaque supports two types of workspaces, each purpose-built for different kinds of work.
Analytics and ML workspaces
These workspaces are designed for collaborative development over encrypted datasets. Teams use them to explore data, build models, and run policy-governed computations—without ever seeing the raw data itself.
When data is brought into an analytics and ML workspace, it is encrypted immediately and remains protected throughout its lifecycle—even during processing. At the same time, Opaque generates a synthetic version of the dataset: a non-sensitive copy that retains the same schema and statistical properties, but contains no real personally identifiable information (PII). This allows you to prototype queries and debug logic safely, without ever touching the underlying data.
To process data, you create jobs—scripts that analyze or transform encrypted datasets. Jobs can be written in Python (PySpark) or PySpark SQL, and are typically developed using synthetic data. Once reviewed and approved by all workspace members, jobs can be submitted for execution on encrypted production data—without ever decrypting it.
Agentic AI workspaces
Agentic AI workspaces support autonomous, policy-enforced workflows composed of modular nodes. Unlike jobs, which run once and complete, workflows in agentic workspaces are persistent and event-driven—designed to operate continuously in response to external triggers or inputs. These workflows orchestrate agents, models, and integrations to perform long-lived tasks—such as answering domain-specific questions or monitoring real-time inputs—within a governed and secure execution environment.
Each workflow runs entirely within Opaque’s trusted execution environment, ensuring every step complies with your security and governance policies. To support external connectivity, agentic workspaces use integrations: secure, reusable connectors to approved data sources, tools, or services. This allows agents to interact with external systems securely, retrieve external inputs, and return structured results, all without compromising confidentiality or auditability.
Audit logs
Every action in Opaque is recorded in an audit trail to ensure full transparency and accountability. This includes job execution, data access, and data deletion—each event verifiable and tamper-proof. Audit logs support compliance efforts and give your organization confidence that sensitive data is being used securely and responsibly.
Roles
Access to data and actions within the platform is governed by role-based access control (RBAC). Users are assigned specific roles—such as organization admin, workspace admin, or workspace member—which determine what they can see and do. This ensures that teams only access the workspaces and data they’re authorized to use, and that sensitive workflows remain protected by clearly defined boundaries.
Bringing it all together
Opaque enables secure, multi-team collaboration across every stage of your AI pipeline.
- Teams work in isolated workspaces tailored to their task: analytics and ML workspaces for data processing and modeling, and agentic AI workspaces for building intelligent, policy-enforced workflows.
- All actions are logged for transparency, accountability, and compliance.
- Access is governed by roles, from organization-wide to workspace-specific.
With Opaque, your organization can unlock insights from sensitive data while maintaining privacy, security, and control at every step.