// Trust & Security Report

    Prefect Technologies, Inc. logo

    Prefect Technologies, Inc.

    Workflow orchestration and AI infrastructure platform: open-source Prefect (self-hosted Python workflow orchestration, Apache 2.0), Prefect Cloud (managed orchestration with SSO/RBAC/governance), Prefect Horizon (managed AI infrastructure: MCP gateway, server registry, agent governance), and FastMCP (open-source framework for building MCP servers)

    Certifications held

    4

    Maturity

    Growth

    Trains on your data

    Unknown

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type II (Prefect Cloud)
    HELD

    SOC 2 Type II certified ... Independently audited security controls proving commitment to data protection and operational excellence

    Verify on prefect.io
    SOC 2 Type 2 audit report (2025, listed in trust center documents)
    HELD

    Prefect SOC 2 Type 2 2025 Audit Request

    Verify on trust.prefect.io
    SOC 2 Type I (Prefect Horizon, separate/newer product)
    HELD

    Prefect Horizon SOC 2 Type 1 (March 2026) Request

    Verify on trust.prefect.io
    GDPR (compliance posture, not a certification)
    HELD

    GDPR compliant

    Verify on prefect.io
    > Show 6 unconfirmed / not-held certifications
    ISO 27001
    NOT CONFIRMED

    No public evidence: not listed in the trust center Documents/Controls sections, not mentioned on prefect.io/security. A third-party security-scoring aggregator (Nudge Security, not a vendor-domain source) claims Prefect is 'ISO 27001 compliant' alongside PCI, HIPAA, FedRAMP, and CSA STAR, but this is not corroborated on any prefect.io or trust.prefect.io page and is not used as evidence per the vendor-domain-only rule.

    source: trust.prefect.io
    HIPAA
    NOT CONFIRMED

    HIPAA ready

    source: prefect.io
    PCI DSS
    NOT CONFIRMED

    No public evidence: not referenced on prefect.io/security, trust.prefect.io, or the privacy policy. Not applicable to Prefect's core product (workflow orchestration metadata, not payment processing).

    source: trust.prefect.io
    ISO/IEC 42001 (AI governance)
    NOT CONFIRMED

    No public evidence found on prefect.io or trust.prefect.io for AI-management-system certification, despite Prefect Horizon being explicitly marketed as an AI/MCP governance product.

    source: trust.prefect.io
    CSA STAR
    NOT CONFIRMED

    No public evidence: not listed in the trust center's Documents or Controls sections. A third-party aggregator (Nudge Security) claims 'CSA Star Level 1' but this is not a vendor-domain source and could not be corroborated.

    source: trust.prefect.io
    FedRAMP
    NOT CONFIRMED

    No public evidence on any prefect.io or trust.prefect.io page. A third-party aggregator (Nudge Security) mentions FedRAMP but this is unverified and not a vendor-domain source.

    source: trust.prefect.io

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Not offered

    Data region

    United States primarily; the privacy policy states data 'may be transferred to and maintained on computers located outside of your state, province, country or other governmental jurisdiction,' with no dedicated EU/regional data-residency option described.

    The privacy policy does not address AI/ML model training on customer data, and Prefect's core products (workflow orchestration, MCP gateway) are infrastructure tools rather than generative-AI products, so this is largely not applicable in the way it is for chatbot/content tools. Notably, the trust center's Subprocessors list includes OpenAI, but no page explains what OpenAI processes or whether any customer content passes through it. No DPA is linked from the privacy policy itself; the policy directs users to legal@prefect.io to obtain one. The security page states 'Your code and data never leave your infrastructure' for the hybrid execution model (Prefect Cloud stores only orchestration metadata: flow names, parameters, logs, not customer code/data/credentials), which materially limits what data Prefect could train on even if it wanted to.

    // Security controls

    Encryption in transit

    TLS 1.2+ enforced

    prefect.io

    Encryption at rest

    Data encrypted at rest with workspace-unique encryption keys

    prefect.io

    Penetration testing

    Annual third-party penetration testing; a 'Prefect Pentest Report 2026' is available on request via the trust center

    trust.prefect.io

    Architecture / data isolation

    Hybrid execution model: Prefect Cloud stores only orchestration metadata (flow names, parameters, logs); customer code, data, and credentials remain on the customer's own infrastructure

    prefect.io

    Enterprise access control

    SSO and SCIM provisioning, RBAC with object-level permissions, audit log retention, IP allowlisting, and PrivateLink support on higher-tier plans

    prefect.io

    Subprocessors

    Disclosed subprocessors include AWS, Google Cloud Platform, OpenAI, SendGrid, and WorkOS

    trust.prefect.io

    // Products & data scope

    Prefect (open source)Self-hosted workflow orchestration framework

    data: Runs entirely in the user's own infrastructure; no data sent to Prefect

    Apache 2.0 license, ~22.7k GitHub stars; no compliance certification applies since Prefect never operates or hosts it

    Prefect CloudManaged workflow orchestration (SaaS)

    data: Stores orchestration metadata only (flow names, parameters, logs); customer code/data/credentials stay on customer infrastructure

    Holds SOC 2 Type II; tiers from free Hobby through Enterprise; enterprise tiers add SSO, RBAC, audit logs, IP allowlisting, PrivateLink

    Prefect HorizonManaged AI infrastructure (MCP gateway, server registry, agent governance)

    data: Brokers AI agent access to internal systems via MCP; separate, newer product with its own SOC 2 Type I (March 2026), not the same report as Prefect Cloud's SOC 2 Type II

    Marked 'NEW' on the vendor site; compliance maturity trails Prefect Cloud (Type I vs. Type II)

    FastMCPOpen-source framework for building MCP servers

    data: Self-hosted / runs in user infrastructure

    Marketed as used by '70% of MCP servers'; no compliance certification applies (Prefect does not host it)

    // What to watch

    • Two distinct SOC 2 reports exist for two distinct products: Prefect Cloud has SOC 2 Type II (per trust center: 'Prefect SOC 2 Type 2 2025 Audit'), while the newer Prefect Horizon has only SOC 2 Type I (per trust center: 'Prefect Horizon SOC 2 Type 1 (March 2026)'). A listing must not present a single blanket 'SOC 2 Type II' badge for the whole company; it should be scoped to Prefect Cloud specifically.
    • HIPAA is marketed as 'HIPAA ready' on prefect.io/security, which is a softer claim than 'HIPAA compliant' or a signed BAA offering; no BAA, HIPAA attestation, or dedicated HIPAA page was found in the trust center. Graded held=false to avoid over-stating this as a certification; flagged for advisor review given the ambiguity between 'ready' and an actual compliance guarantee.
    • A third-party aggregator (Nudge Security, not prefect.io) claims Prefect holds ISO 27001, PCI DSS, HIPAA, FedRAMP, and CSA STAR Level 1 compliance. None of these are corroborated on trust.prefect.io or prefect.io/security. Per the vendor-domain-only evidence rule these were graded held=false, but the discrepancy between a public aggregator's claims and the vendor's own (much narrower) public disclosures is worth an advisor's attention in case Prefect has additional certifications not yet reflected on its public trust center.
    • GDPR is described as 'compliant' on the vendor's security marketing page, but the privacy policy itself does not reference a Data Processing Agreement, Standard Contractual Clauses, or an EU representative; users are directed to email legal@prefect.io for a DPA. This is a real but thinner GDPR posture than vendors with a self-serve DPA.
    • OpenAI is listed as a subprocessor in the trust center with no explanation of what data it processes or why; worth flagging for any prospective customer with strict data-processing requirements even though Prefect's core product does not appear to be data/content generation.

    // At a glance

    Pricing model

    Freemium tiered SaaS for Prefect Cloud (Hobby/Starter/Team/Pro/Enterprise) plus usage-based serverless credit minutes; Prefect Horizon appears separately tiered/managed; core Prefect and FastMCP are free open source (Apache 2.0)

    Self-hostable

    Yes

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Prefect Technologies, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    trust.prefect.io

    > Browse all vendor trust reports