What is Expanso and how does it work?

Expanso is a managed platform for deploying intelligent data pipelines at the edge. It processes data where it's generated - reducing bandwidth, latency, and costs. You deploy lightweight agents on your infrastructure, build pipelines using our visual builder or YAML, and control everything from a central SaaS platform.

Can I run AI/ML models directly in my data pipelines?

Yes! Expanso supports running ONNX, TensorFlow Lite, and other models as native pipeline steps. Execute low-latency inference on streaming data, enrich events with model outputs (like risk scores), and make decisions at the edge without cloud round-trips.

How many pre-built components are available?

Expanso provides 200+ pre-built components including inputs (Kafka, HTTP, files), processors (transformations, filtering, PII masking, aggregations), and outputs (S3, Snowflake, Datadog, Splunk). Browse the complete catalog in our Component Reference.

Do I need to write code to build pipelines?

No - use our drag-and-drop visual pipeline builder to create sophisticated pipelines without code. For advanced use cases, you can also write pipelines in YAML or use the Bloblang transformation language for complex data mappings.

How does Expanso help with data governance and compliance?

Expanso includes built-in governance features: automatic PII detection and masking, policy enforcement at the edge, RBAC, SSO integration, and comprehensive audit trails. Mask sensitive data before it ever leaves your network.

Security & Compliance

Overview

Organizations face increasing regulatory requirements around data privacy, security, and auditability. PII exposure, data breaches, and compliance violations often occur during data collection and transmission - before security controls are applied. Processing data at the edge enables enforcement of security policies and compliance rules at the source, preventing violations before sensitive data enters your infrastructure.

Expanso's Approach to Security & Compliance

Expanso Edge applies security policies and compliance rules at the point of data collection, before transmission or storage. Edge agents automatically detect, redact, and control sensitive data according to configurable policies managed centrally.

Key capabilities:

Automated PII Detection: Identify and redact credit cards, SSNs, email addresses, phone numbers, and other PII using regex patterns or ML-based detection.
Policy Enforcement at Source: Apply data minimization, anonymization, and encryption policies before data leaves edge locations.
Audit Trail Generation: Automatically create tamper-evident audit logs showing what data was collected, transformed, and transmitted - required for GDPR, HIPAA, and SOC 2 compliance.
Encryption in Motion: Apply field-level encryption or format-preserving encryption at the edge, ensuring sensitive data is protected throughout its lifecycle.
Consent Management: Filter and route data based on user consent preferences, ensuring only authorized data flows to specific destinations.

Benefits of Edge Security & Compliance

Risk Reduction

Eliminate PII from datasets before transmission, reducing breach exposure surface
Prevent accidental logging or storage of sensitive credentials and tokens
Apply defense-in-depth by enforcing policies at collection, not just at storage
Reduce blast radius of security incidents through source-level data minimization

Compliance Automation

Meet GDPR "privacy by design" requirements through automated edge redaction
Ensure HIPAA compliance by de-identifying PHI before transmission
Satisfy PCI-DSS requirements by preventing credit card data from entering logs or analytics
Generate audit trails required for SOC 2, ISO 27001, and other certifications

Operational Efficiency

Centrally manage compliance policies deployed to thousands of edge locations
Automatic application of new regulations without code changes
Reduce manual audit workload through automated compliance logging
Simplify data retention policies by collecting only necessary, compliant data

Common Patterns

Automated PII Redaction Scan all data for patterns matching credit cards, SSNs, email addresses, phone numbers, and custom sensitive patterns. Replace detected values with tokens or redacted placeholders before data leaves the edge.

Field-Level Encryption Encrypt specific fields containing sensitive data at the edge using customer-managed keys. Only authorized downstream systems with decryption keys can access the original values.

Consent-Based Routing Check user consent preferences and route data accordingly: analytics-approved data to business intelligence, essential-only data to operational systems, full opt-out data is filtered entirely.

Audit Log Enrichment Automatically append compliance metadata to all events: who collected the data, when, under what policy, what transformations were applied, and where it was sent.

Data Minimization Apply principle of least privilege to data collection: filter unnecessary fields, aggregate granular data, and retain only what's required for legitimate business purposes.

Example Use Cases

Healthcare providers de-identifying patient records at the source, maintaining HIPAA compliance while enabling clinical analytics and research
Retail companies redacting payment card data from logs and analytics streams, preventing PCI-DSS scope expansion while maintaining fraud detection capability
SaaS platforms enforcing user privacy preferences at the edge, routing data according to consent levels before it enters analytics pipelines
Financial institutions detecting and tokenizing account numbers, SSNs, and sensitive customer data in real-time logs before centralized storage

Next Steps

Quick Start Guide: Build your first compliance-focused pipeline
Bloblang Transformations: Learn PII detection and redaction techniques
Mapping Processor: Apply redaction and transformation rules
Branch Processor: Route data based on compliance policies
Kafka Output: Send compliant data to downstream systems

Overview​

Expanso's Approach to Security & Compliance​

Benefits of Edge Security & Compliance​

Common Patterns​

Example Use Cases​

Next Steps​