Privacy & On-Device DLP
Payload capture is the most sensitive capability in Waxell Endpoints, so it's built to be conservative by design. This page states exactly what it does and does not do, so you can deploy it with confidence and explain it to your security, privacy, and legal teams.
The four guarantees
- Capture is off by default. Installing the agent enables discovery and metadata only. Nothing is intercepted or decrypted until an admin explicitly enables a host on the Guard cascade.
- Only catalog AI hosts can be captured. TLS is terminated only for hosts on Waxell's curated AI-provider catalog — never banking, health, mail, or any non-AI destination, even if someone tries to add one.
- Redaction happens on the device, before upload. Secrets and PII are stripped locally. The raw payload never leaves the machine — the control plane only ever receives the redacted form.
- It's attributable and revocable. Every capture is tied to a device, process, and governed agent; capture can be turned off for any scope at any time by editing or deleting the Guard layer.
What "on-device DLP" means
When capture is enabled for a host, the flow is:
AI request ──► proxy terminates TLS ──► DLP redaction (on device) ──► upload redacted only
│
raw payload stays local,
is never uploaded
The redaction step runs inside the agent on the endpoint. By the time anything crosses the network to Waxell, secrets and PII have already been removed. This is the difference between a capture system that moves your data to be scrubbed and one that scrubs before it moves — Waxell is the latter.
Why TLS termination here is safe
Capture relies on the tenant CA: the device already trusts your tenant's private root, so the proxy can present a leaf cert for an AI host that chains to it and read the stream — without a certificate warning and without weakening trust for anything else. Because the host list is restricted to the AI catalog, that capability physically cannot be pointed at your bank or your health portal.
Metadata vs. capture — the privacy trade
Most deployments run metadata-only indefinitely and that's a deliberate, defensible posture: you get the inventory, attribution, and activity record with no payload ever touched. Turn on capture only where the added evidence is worth the (already heavily mitigated) sensitivity — e.g. a specific AI host you need to audit for data exfiltration.
| Metadata-only (default) | Capture (opt-in, per host) | |
|---|---|---|
| Payload touched | Never | Terminated + DLP-redacted on device |
| Hosts | All AI apps | Only enabled catalog AI hosts |
| Leaves device raw | No data | Never (redacted form only) |
| Good for | Inventory, attribution, baseline | Targeted audit of a specific host |
Operational notes
- Scope tightly. Use the cascade to enable capture at the narrowest scope that meets your need — a device or app type, not Global — and widen only deliberately. See Enabling capture.
- Verify with Resolve. The Guard resolver shows exactly which scope turned capture on, so there are no surprises.
- Tell your users. Capture changes the privacy posture of a machine; pair it with whatever notice your policies require.
Next
- Enabling capture — the step-by-step to turn it on safely.
- How it works — where DLP sits in the architecture.