AIQu VEIL
Your analysts run ML on protected data. Your admins see raw values. You configure which columns to protect and which roles bypass. No data leaves your account.
How it works
- Train an encoder on your feature columns
- The encoder learns a compressed, non-invertible representation
- A column policy intercepts queries and replaces raw features with encoded vectors
- Admins bypass the policy and see raw data
- Everyone else sees latent vectors suitable for ML but not reversible to raw values
Encoders are deterministic autoencoders trained on your data inside your environment. Training and inference happen in-account. No data leaves.
Platforms
| Platform | Enforcement | Compute |
|---|---|---|
| Snowflake | Masking policies | SPCS containers |
| Databricks | Column masks (Unity Catalog) | Serverless / cluster UDF |
| AWS | Column-level access control | SageMaker endpoint |
Key properties
Non-invertible. The decoder is discarded after training. You cannot reconstruct exact input from the latent vector.
Non-invertible is not non-informative. If the latent vector is useful for ML, it contains task-relevant information. When sensitive attributes correlate with the task, partial information leaks. Defense in depth (role management, monitoring, access controls) is essential.
Deterministic. The same input always produces the same output. This preserves joins, aggregations, and downstream pipeline reproducibility.
Schema protection. Feature views hide column names behind a single features array. Queries reference features, not individual columns.
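The caveat that non-invertible is not non-informative can be measured before a latent column is exposed to a role. The following is an added example, not AIQu VEIL code: `encode`, its weight matrix `W`, and the constructed rows are hypothetical stand-ins for a trained encoder and a real table, and the probe is a simple nearest-centroid classifier that tries to recover a sensitive bit from latent vectors alone.

```python
import math
import random

# Hypothetical stand-in for a trained encoder (assumption, not the product's model):
# a fixed 4 -> 2 map, lossy and deterministic like the properties described above.
W = [[0.9, -0.4, 0.2, 0.1], [0.1, 0.3, -0.7, 0.5]]

def encode(row):
    return [math.tanh(sum(w * x for w, x in zip(ws, row))) for ws in W]

def make_rows(n, seed):
    """Constructed data: sensitive bit s shifts feature 0, so it correlates with the features."""
    rng = random.Random(seed)
    rows = []
    for _ in range(n):
        s = rng.randint(0, 1)
        feats = [rng.gauss(1.0 if s else -1.0, 1.0)] + [rng.gauss(0.0, 1.0) for _ in range(3)]
        rows.append((feats, s))
    return rows

def centroid(vectors):
    return [sum(col) / len(vectors) for col in zip(*vectors)]

def probe_accuracy(train, test):
    """Nearest-centroid probe: predict the sensitive bit from the latent vector only."""
    cents = {s: centroid([encode(f) for f, t in train if t == s]) for s in (0, 1)}

    def predict(z):
        return min(cents, key=lambda s: sum((a - b) ** 2 for a, b in zip(z, cents[s])))

    return sum(predict(encode(f)) == s for f, s in test) / len(test)

def majority_baseline(test):
    """Accuracy of always guessing the more common value, i.e. with no latent access."""
    ones = sum(s for _, s in test)
    return max(ones, len(test) - ones) / len(test)

def leakage_report(n_train=2000, n_test=1000, seed=7):
    train, test = make_rows(n_train, seed), make_rows(n_test, seed + 1)
    return {"probe": probe_accuracy(train, test), "baseline": majority_baseline(test)}

if __name__ == "__main__":
    print(leakage_report())
```

A probe accuracy well above the majority baseline means the latent vectors carry the sensitive attribute, so that column depends on the role management, monitoring, and access controls listed above.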
Application roles
| Role | Access |
|---|---|
| app_user | Query views, call encode function |
| app_admin | All procedures: train, protect, start/stop, schedule, delete |
app_admin inherits app_user.