Privedge
Infrastructure

Why Cloudflare
is the right foundation.

Privacy infrastructure requires a runtime that is isolated by design, globally distributed, and audited at the network layer. Cloudflare Workers provides all three — and Privedge inherits the compliance posture that took Cloudflare years to earn.

310+
Edge cities worldwide
<50ms
P99 global latency
100 Tbps
DDoS mitigation capacity
0 bytes
Prompt data written to disk (Free/Pro)
Security model

One request.
One isolate.
Zero shared state.

Every prompt that passes through Privedge runs inside a dedicated V8 isolate — the same sandboxing model that separates Chrome tabs. There is no shared heap, no global variables, no possibility of one tenant's data leaking into another's request.

The isolate is created at request time and destroyed immediately after. Nothing persists in memory between invocations. The token map lives only in the isolate's V8 heap for the duration of the single request lifecycle.

This is the architecture guarantee: even if an attacker compromises one isolate, they access data from exactly one request. There is no lateral movement possible.

Request lifecycle
01
Incoming prompt
TLS 1.3 — encrypted in transit
02
V8 isolate spawned
Dedicated heap · zero shared state
03
PII detection + tokenization
Token map lives in isolate heap only
04
Sanitized prompt forwarded
PII replaced with opaque tokens
05
Response de-tokenized
Original values restored from heap
06
Isolate destroyed
Heap wiped · token map gone
Global edge network

Data processed where your
users already are.

Cloudflare's anycast network routes every request to the nearest point of presence automatically. A user in Madrid hits the Madrid PoP. A user in Singapore hits Singapore. The PII never travels further than it needs to.

Europe
Amsterdam · Frankfurt · Madrid · Paris · Warsaw · Stockholm
GDPR · NIS2
North America
New York · Chicago · Los Angeles · Toronto · Miami · Dallas
HIPAA · CCPA
Asia Pacific
Singapore · Tokyo · Sydney · Mumbai · Seoul · Hong Kong
PDPA · APPI

310+ cities total · full list at cloudflare.com/network

Edge Inference

Workers AI runs on the
same node as your request.

When PII is detected and edge inference is enabled, Privedge invokes Cloudflare Workers AI on the same edge node that received your request. There is no round-trip to any external service — the model and the data share the same physical machine.

Architectural guarantee: PII never leaves the Cloudflare edge node. No cloud API call, no third-party model access, no network transmission of sensitive data.

Learn more about Edge Inference →
LLaMA 3.2 3B Fast

Low-latency, high-volume tasks — ~$0.00013/req

LLaMA 3.1 8B Balanced

General-purpose Q&A and summarization — ~$0.00039/req

LLaMA 3.3 70B Max quality

Complex reasoning, equivalent to GPT-3.5 — ~$0.00082/req

Data residency

Your data stays
in your jurisdiction.

Cloudflare Regional Services lets Enterprise customers pin processing to specific geographic regions. EU customers can guarantee that PII never leaves the European Economic Area — a hard requirement for GDPR Chapter V compliance.

🇪🇺
European Union
Processing pinned to EEA PoPs only · GDPR Chapter V compliant
🇺🇸
United States
US-only processing · HIPAA + CCPA alignment
🌐
Custom region
Pin to any Cloudflare Regional Services zone on Enterprise
Storage architecture by tier
Free Zero persistent storage

Isolate heap only. Nothing written anywhere. Token map exists for request duration only.

Pro Audit metadata · 30 days

Timestamps, pii_types[], latency_ms, status_code. Prompt content never stored.

Enterprise Encrypted KV + R2 audit logs

Token maps in Workers KV (AES-256, per-customer key). Full audit trail in R2 with custom retention.