// Trust & Security Report
Prefect Technologies, Inc.
Workflow orchestration and AI infrastructure platform: open-source Prefect (self-hosted Python workflow orchestration, Apache 2.0), Prefect Cloud (managed orchestration with SSO/RBAC/governance), Prefect Horizon (managed AI infrastructure: MCP gateway, server registry, agent governance), and FastMCP (open-source framework for building MCP servers)
Certifications held
4
Maturity
Growth
Trains on your data
Unknown
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on prefect.io“SOC 2 Type II certified ... Independently audited security controls proving commitment to data protection and operational excellence”
Verify on trust.prefect.io“Prefect SOC 2 Type 2 2025 Audit Request”
Verify on trust.prefect.io“Prefect Horizon SOC 2 Type 1 (March 2026) Request”
> Show 6 unconfirmed / not-held certifications
source: trust.prefect.ioNo public evidence: not listed in the trust center Documents/Controls sections, not mentioned on prefect.io/security. A third-party security-scoring aggregator (Nudge Security, not a vendor-domain source) claims Prefect is 'ISO 27001 compliant' alongside PCI, HIPAA, FedRAMP, and CSA STAR, but this is not corroborated on any prefect.io or trust.prefect.io page and is not used as evidence per the vendor-domain-only rule.
source: trust.prefect.ioNo public evidence: not referenced on prefect.io/security, trust.prefect.io, or the privacy policy. Not applicable to Prefect's core product (workflow orchestration metadata, not payment processing).
source: trust.prefect.ioNo public evidence found on prefect.io or trust.prefect.io for AI-management-system certification, despite Prefect Horizon being explicitly marketed as an AI/MCP governance product.
source: trust.prefect.ioNo public evidence: not listed in the trust center's Documents or Controls sections. A third-party aggregator (Nudge Security) claims 'CSA Star Level 1' but this is not a vendor-domain source and could not be corroborated.
source: trust.prefect.ioNo public evidence on any prefect.io or trust.prefect.io page. A third-party aggregator (Nudge Security) mentions FedRAMP but this is unverified and not a vendor-domain source.
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Not offered
Data region
United States primarily; the privacy policy states data 'may be transferred to and maintained on computers located outside of your state, province, country or other governmental jurisdiction,' with no dedicated EU/regional data-residency option described.
The privacy policy does not address AI/ML model training on customer data, and Prefect's core products (workflow orchestration, MCP gateway) are infrastructure tools rather than generative-AI products, so this is largely not applicable in the way it is for chatbot/content tools. Notably, the trust center's Subprocessors list includes OpenAI, but no page explains what OpenAI processes or whether any customer content passes through it. No DPA is linked from the privacy policy itself; the policy directs users to legal@prefect.io to obtain one. The security page states 'Your code and data never leave your infrastructure' for the hybrid execution model (Prefect Cloud stores only orchestration metadata: flow names, parameters, logs, not customer code/data/credentials), which materially limits what data Prefect could train on even if it wanted to.
// Security controls
Penetration testing
Annual third-party penetration testing; a 'Prefect Pentest Report 2026' is available on request via the trust center
trust.prefect.ioArchitecture / data isolation
Hybrid execution model: Prefect Cloud stores only orchestration metadata (flow names, parameters, logs); customer code, data, and credentials remain on the customer's own infrastructure
prefect.ioEnterprise access control
SSO and SCIM provisioning, RBAC with object-level permissions, audit log retention, IP allowlisting, and PrivateLink support on higher-tier plans
prefect.ioSubprocessors
Disclosed subprocessors include AWS, Google Cloud Platform, OpenAI, SendGrid, and WorkOS
trust.prefect.io// Products & data scope
data: Runs entirely in the user's own infrastructure; no data sent to Prefect
Apache 2.0 license, ~22.7k GitHub stars; no compliance certification applies since Prefect never operates or hosts it
data: Stores orchestration metadata only (flow names, parameters, logs); customer code/data/credentials stay on customer infrastructure
Holds SOC 2 Type II; tiers from free Hobby through Enterprise; enterprise tiers add SSO, RBAC, audit logs, IP allowlisting, PrivateLink
data: Brokers AI agent access to internal systems via MCP; separate, newer product with its own SOC 2 Type I (March 2026), not the same report as Prefect Cloud's SOC 2 Type II
Marked 'NEW' on the vendor site; compliance maturity trails Prefect Cloud (Type I vs. Type II)
data: Self-hosted / runs in user infrastructure
Marketed as used by '70% of MCP servers'; no compliance certification applies (Prefect does not host it)
// What to watch
- Two distinct SOC 2 reports exist for two distinct products: Prefect Cloud has SOC 2 Type II (per trust center: 'Prefect SOC 2 Type 2 2025 Audit'), while the newer Prefect Horizon has only SOC 2 Type I (per trust center: 'Prefect Horizon SOC 2 Type 1 (March 2026)'). A listing must not present a single blanket 'SOC 2 Type II' badge for the whole company; it should be scoped to Prefect Cloud specifically.
- HIPAA is marketed as 'HIPAA ready' on prefect.io/security, which is a softer claim than 'HIPAA compliant' or a signed BAA offering; no BAA, HIPAA attestation, or dedicated HIPAA page was found in the trust center. Graded held=false to avoid over-stating this as a certification; flagged for advisor review given the ambiguity between 'ready' and an actual compliance guarantee.
- A third-party aggregator (Nudge Security, not prefect.io) claims Prefect holds ISO 27001, PCI DSS, HIPAA, FedRAMP, and CSA STAR Level 1 compliance. None of these are corroborated on trust.prefect.io or prefect.io/security. Per the vendor-domain-only evidence rule these were graded held=false, but the discrepancy between a public aggregator's claims and the vendor's own (much narrower) public disclosures is worth an advisor's attention in case Prefect has additional certifications not yet reflected on its public trust center.
- GDPR is described as 'compliant' on the vendor's security marketing page, but the privacy policy itself does not reference a Data Processing Agreement, Standard Contractual Clauses, or an EU representative; users are directed to email legal@prefect.io for a DPA. This is a real but thinner GDPR posture than vendors with a self-serve DPA.
- OpenAI is listed as a subprocessor in the trust center with no explanation of what data it processes or why; worth flagging for any prospective customer with strict data-processing requirements even though Prefect's core product does not appear to be data/content generation.
// At a glance
Pricing model
Freemium tiered SaaS for Prefect Cloud (Hobby/Starter/Team/Pro/Enterprise) plus usage-based serverless credit minutes; Prefect Horizon appears separately tiered/managed; core Prefect and FastMCP are free open source (Apache 2.0)
Self-hostable
Yes
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Prefect Technologies, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
trust.prefect.io