Capability 02 · Controlled data access
Govern what the LLM sees, and what users get back.
LangGrant runs inside your premises and reads rows directly — but the public LLM only ever receives schema and metadata, never row data. Users and autonomous agents see only what their role and intent allow. Token spend is bounded before a question is even answered.
Trusted in regulated industries
Deployed where data control is a hard requirement.
LangGrant is built by Windocks, whose database delivery technology is in production at healthcare payers, insurers, pharmaceutical companies, claims processors, and global retailers — environments where data movement is constrained by law, policy, or audit.






Three layers of control
Control the model. Control the user. Control the cost.
Most AI-on-data initiatives stall in security review because the controls were retrofitted. LangGrant treats data exposure, role access, and token spend as first-class policy objects, not a config file.
01 · The public LLM sees schema, not rows
Rows never leave your premises. The public LLM only ever sees structure.
LangGrant deploys inside your network or VPC and reads rows from your databases as needed to compute answers. The public LLM, on the outside, only receives the schema slice, relationships, and metadata it needs to plan the work — the row data itself never crosses the premises boundary.
- LangGrant runs inside your network or VPC; row data stays on your premises
- The public LLM receives schema, descriptions, and relationships — never rows
- Use OpenAI, Anthropic, Google, or a locally hosted model under the same policy
- Works on production data (or a standby replica); no copy into a vector store required
02 · Role and intent based access
Column-level access aligned to the role, the intent, and the agent calling in.
A finance analyst, a system administrator, and an autonomous reporting agent ask different questions and need different visibility. LangGrant maps each caller to an explicit policy: which columns are visible, which are masked, and what can be returned.
- Roles include system administrator, DBA, token budget administrator, and PII-authorized
- Intent-based filters layered on top of role for autonomous agents
- Column-level visibility and masking for PII fields
- Generate a masked database for non-PII users and test environments
| Caller | customer_name | ssn | revenue |
|---|---|---|---|
| PII-authorized analyst | visible | visible | visible |
| FP&A analyst | visible | masked | visible |
| Reporting agent | masked | blocked | visible |
| Public LLM | schema only | schema only | schema only |
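The policy table above, enforced in code as an added example (this is not LangGrant's code or API). The `apply_policy` function, the `****` mask token and the sample row are assumptions made for illustration; columns and callers missing from the policy are denied by default.

```python
# Added illustration, not LangGrant code. Rules mirror the page's table.
VISIBLE, MASKED, BLOCKED, SCHEMA_ONLY = "visible", "masked", "blocked", "schema only"

POLICY = {
    "PII-authorized analyst": {"customer_name": VISIBLE, "ssn": VISIBLE, "revenue": VISIBLE},
    "FP&A analyst": {"customer_name": VISIBLE, "ssn": MASKED, "revenue": VISIBLE},
    "Reporting agent": {"customer_name": MASKED, "ssn": BLOCKED, "revenue": VISIBLE},
    "Public LLM": {"customer_name": SCHEMA_ONLY, "ssn": SCHEMA_ONLY, "revenue": SCHEMA_ONLY},
}

MASK = "****"  # constructed mask token (assumption)

# Constructed sample data; "internal_note" is deliberately absent from the policy.
SAMPLE_ROWS = [
    {"customer_name": "Ada Example", "ssn": "000-00-0000",
     "revenue": 1200, "internal_note": "constructed"},
]


def apply_policy(caller, rows):
    """Return the column names and row values this caller may receive."""
    rules = POLICY.get(caller)
    if rules is None:
        # Default deny: a caller with no explicit policy gets nothing.
        raise PermissionError(f"no policy for caller {caller!r}")
    out = []
    for row in rows:
        filtered = {}
        for col, value in row.items():
            rule = rules.get(col, BLOCKED)  # unlisted columns are blocked
            if rule == VISIBLE:
                filtered[col] = value
            elif rule == MASKED:
                filtered[col] = MASK
            # BLOCKED and SCHEMA_ONLY never contribute a row value.
        if filtered:
            out.append(filtered)
    # Blocked columns are hidden even from the column list; schema-only
    # callers still learn the column names but receive no rows.
    columns = sorted(c for c, r in rules.items() if r != BLOCKED)
    return {"columns": columns, "rows": out}


if __name__ == "__main__":
    for caller in POLICY:
        print(caller, apply_policy(caller, SAMPLE_ROWS))
```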
03 · Token budgets
Estimate before answering. Track every call. Stop when the budget is gone.
AI bills don’t surprise teams that run LangGrant. Token usage is estimated before the model is invoked, every call is tracked against a budget, and limits are enforced. Persisted Agent Workflows reuse prior work instead of paying the LLM again — but the controls hold either way.
- Token estimates returned before a question is answered
- Per-user, per-role, and per-agent budgets
- Hard limits enforced at the policy layer, not in a reporting dashboard
- Reused Agent Workflows cost zero new LLM tokens
Source database access
Highly protected source database access.
How LangGrant connects to your source databases matters as much as what it does once connected. LangGrant supports OS-trusted connections that avoid storing SQL passwords entirely, encrypts any credentials it does have to store using the strongest algorithm the host OS provides, and runs against read-only source accounts when you want belt-and-braces protection.
OS-credentialed connections, no SQL passwords stored
The LangGrant agent can connect to source databases using OS-trusted credentials — Windows Authentication, Kerberos, integrated auth — so no SQL password is ever issued, transmitted, or stored anywhere in the LangGrant stack.
Stored credentials are encrypted with the strongest OS-native algorithm
When credentials must be stored, LangGrant’s system database keeps only the encrypted form — using the most modern algorithm the host OS makes available (for example, DPAPI on Windows, equivalent OS-native key stores elsewhere). The plaintext is never persisted.
Read-only source database accounts
LangGrant can connect to your databases through a read-only account, so the connection itself cannot mutate production data — a useful additional layer on top of role and intent policy for AI workloads.
Get started
Walk through your policy on real production data.
Bring a database with real role boundaries — PII columns, regional restrictions, agent-driven workflows. We’ll show you how LangGrant enforces each layer, end to end, in a working session.
- Map your existing roles to LangGrant policy
- Test column-level PII masking on real rows
- Set token budgets and see them enforced live