Privacy Agent
The Privacy Agent is a lightweight service you run inside your own network, sitting between your data sources and the MeasuredCloud SaaS. Instead of the cloud connecting to your warehouse directly, the agent does the work locally, so raw data, credentials, and query results never leave your perimeter. Only the run metadata MeasuredCloud needs to display (pass/fail counts, health scores, and the schema fields you choose to surface) flows out.
This is the difference between the two connection modes:
| Mode | Where validation runs | What leaves your network |
|---|---|---|
| Direct | MeasuredCloud connects to your data source | Encrypted credentials stored in the cloud; queries run from cloud infra |
| Agent (Privacy Agent) | The agent runs validation on-prem | Nothing but run metadata/results: no credentials, no data, no row samples |
What the agent does
- Holds your credentials locally. Connection strings live with the agent, on your infrastructure, never in the cloud.
- Runs profiling and validation in your network. The agent executes the rules against your data sources locally and computes results.
- Sends only metadata back. MeasuredCloud receives the pass/fail outcome, counts, and health, enough to show dashboards, history, and alerts, but never the underlying rows or query results.
- Optionally runs AI on-prem too. Pair the agent with a local LLM (Ollama, vLLM, or a private endpoint) so AI rule generation and anomaly explanations also stay inside your network.
```text
                  Your network                    │  MeasuredCloud (SaaS)
                                                  │
  Data sources ──► Privacy Agent ──► (local LLM)  │
       │                 │                        │
       └─────────────────┘                        │
   validation + profiling run here                │
                │                                 │
                └──── run metadata only ─────────►│  Dashboards, history, alerts
                    (no data, no results)         │
```
Why use it
- Regulated data: healthcare (PHI), finance (PCI), legal. Keep everything in-network.
- Air-gapped / VPC-only: works where the cloud can't reach your warehouse.
- Data residency: results and samples stay in your jurisdiction.
Available on the Enterprise plan. Contact sales to add it.
Deployment
The agent runs as a container alongside your stack. Point it at MeasuredCloud with an agent token (issued in Settings → Privacy Agents), and at a local LLM if you want on-prem AI.
```yaml
# docker-compose.yml
services:
  privacy-agent:
    image: registry.measured.cloud/privacy-agent:latest
    environment:
      MEASURED_CLOUD_URL: https://app.measured.cloud
      AGENT_TOKEN: dqa_•••••••••   # from Settings → Privacy Agents
      # optional: route AI through a local model so it also stays on-prem
      LLM_BACKEND: ollama
      OLLAMA_URL: http://ollama:11434
      OLLAMA_MODEL: llama3.1:8b
    # the agent reaches your data sources on your private network

  ollama:   # optional, only for on-prem AI
    image: ollama/ollama:latest
    volumes:
      - ollama_models:/root/.ollama

volumes:
  ollama_models:
```
Pull a model for on-prem AI:
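```bash
# "ollama" is the Compose service name; Compose generates the container name,
# so address the service through `docker compose exec`.
docker compose exec ollama ollama pull llama3.1:8b
```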
On-prem AI model recommendations
| Use case | Recommended model | Notes |
|---|---|---|
| Rule generation | llama3.1:8b or better | Needs solid JSON output |
| Anomaly explanations | llama3.1:8b | Any capable model works |
| Best quality | larger local model on GPU | Near-frontier quality on-prem |
llama3.1:8b runs comfortably on a CPU host with 16GB+ RAM; GPU inference unlocks larger models.
Privacy guarantees
With the Privacy Agent:
- Credentials never leave your network
- No query results or row samples leave your network
- With a local LLM, no schema metadata reaches any external AI provider
- Works fully offline / air-gapped for both validation and AI
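
One way to check these guarantees independently is to audit the JSON bodies the agent sends out, captured at an egress proxy you control, against an allowlist of metadata fields. This is an added example, not MeasuredCloud code: the page does not document the wire format, so the payload shape and every key name below are assumptions.

```python
import re

# Hypothetical allowlist: the page names pass/fail counts, health scores and
# surfaced schema fields as the only outbound data; these key names are assumed.
ALLOWED_KEYS = {
    "run_id", "rule_id", "status", "passed", "failed",
    "health_score", "schema_fields", "name", "type",
}

# Values that look like credentials or connection strings.
SECRET_PATTERNS = [
    re.compile(r"[a-z][a-z0-9+.-]*://[^/\s:@]+:[^@\s]+@", re.I),  # scheme://user:pass@host
    re.compile(r"\b(password|pwd|secret|api[_-]?key)\s*=", re.I),
]


def audit_payload(node, path="$"):
    """Return a list of (json_path, reason) findings for one outbound body."""
    findings = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key not in ALLOWED_KEYS:
                findings.append((child, "key not on allowlist"))
                continue  # do not descend: the whole subtree is already rejected
            findings.extend(audit_payload(value, child))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            findings.extend(audit_payload(item, f"{path}[{i}]"))
    elif isinstance(node, str):
        if any(p.search(node) for p in SECRET_PATTERNS):
            findings.append((path, "value looks like a credential"))
    return findings


# Constructed sample bodies (not captured from a real agent).
CLEAN = {
    "run_id": "r-001", "status": "failed", "passed": 41, "failed": 1,
    "health_score": 0.97,
    "schema_fields": [{"name": "order_id", "type": "bigint"}],
}
LEAKY = {
    "run_id": "r-002", "status": "postgresql://svc:hunter2@db.internal/orders",
    "passed": 0, "failed": 1,
    "sample_rows": [{"order_id": 7, "email": "a@example.com"}],
}

if __name__ == "__main__":
    for label, body in (("clean", CLEAN), ("leaky", LEAKY)):
        print(label, audit_payload(body) or "ok")
```

Run it over every captured body and alert on any non-empty result; rejecting unknown keys outright means a new field added by an agent upgrade is flagged until you review it.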