Hub is live GraphQL Federation Reimagined. Design, Govern and Ship at scale.→
WunderGraph
Cosmo Compliance

Compliance controls, built into Cosmo

IP anonymization, variable export control, field-level data obfuscation, and SOC 2 Type II certification. Privacy and security enforced at the router, with no subgraph changes.

Start FreeRead the Docs

SOC 2 Type II certified. GDPR, HIPAA, and ISO 27001 supported.

Overview

Privacy and security at the gateway

Cosmo compliance is the set of privacy and security controls built into the Cosmo Router and Cosmo Cloud platform. Controls operate at the gateway layer, which means they apply to every subgraph uniformly without touching individual services.

The default controls (IP anonymization and variable exclusion) activate automatically on every deployment. Advanced controls (field-level obfuscation via Custom Modules) are available on Pro and Enterprise plans. Compliance certifications and documentation are available for regulated industry deployments.

Why gateway-level compliance matters

Why teams choose compliance at the router

Distributed services make compliance expensive. Each subgraph implements its own controls independently, and gaps appear at every team boundary.

Teams managing compliance across federated GraphQL run into the same problems.

Privacy controls drift across services.

When each subgraph implements IP anonymization or variable filtering independently, the guarantees are uneven. One unconfigured service is a compliance gap.

PII ends up in telemetry by default.

Most OTEL instrumentation captures all span attributes. IP addresses and GraphQL variables land in your observability platform without explicit exclusion.

Field-level access control is expensive to maintain.

Adding masking logic to individual resolvers means touching every subgraph and keeping that logic in sync as schemas evolve.

Vendor qualification takes months.

Regulated industries require documentation for every component in the stack. A vendor without certifications creates a gap that requires compensating controls.

Cosmo enforces privacy and security at the router. One control point covers every subgraph behind it.

Cosmo Compliance capabilities

IP Anonymization

IP addresses are anonymized before any trace, metric, or log is written. Choose redact (complete removal) or hash (one-way identifier for anonymous analytics). Enabled by default with no configuration required.

Free / Pro / Enterprise

Variable Export Control

GraphQL variables are excluded from OTEL trace exports by default. Sensitive request data stays out of your observability platform unless you explicitly enable capture for debugging or query replay.

Free / Pro / Enterprise

Use cases

GraphQL compliance use cases

Real scenarios from regulated industries and privacy-conscious teams, and the Cosmo control behind each one.

GDPR

Deploy GraphQL analytics without capturing user IPs

Scenario

A European SaaS platform needs full API analytics but cannot store raw IP addresses under GDPR data minimization rules.

How Cosmo handles it

Deploy the Cosmo Router with default settings. IP addresses are anonymized before any telemetry export. Switch to hash mode if you need anonymous user session tracking across requests.

Outcome

Full analytics capability with no raw IP addresses in any telemetry sink. GDPR data minimization satisfied at the infrastructure level.

Financial services

Keep transaction variables out of distributed traces

Scenario

A fintech company processes transactions via GraphQL. Variables contain account numbers, amounts, and user identifiers that should not appear in trace data.

How Cosmo handles it

Deploy the Cosmo Router with default variable export settings disabled. Traces capture operation names, timing, and error details. Variables are stripped automatically.

Outcome

Full observability into API performance without sensitive transaction data appearing in the observability platform or SIEM.

AI integration

Expose GraphQL to AI models without PII leakage

Scenario

A team wants to allow AI models to query their GraphQL API for non-sensitive use cases but needs to prevent access to fields like SSNs or medical information.

How Cosmo handles it

Implement a Custom Module with a field-value renderer that identifies AI system requests by header or authentication claims. Protected fields return placeholder values; other fields are unaffected.

Outcome

AI models interact with realistic response structures. Sensitive fields return placeholders. No subgraph changes required.

Audit

Pass a SOC 2 vendor review for GraphQL infrastructure

Scenario

A fintech company needs to include their GraphQL gateway in a SOC 2 Type II audit scope and demonstrate vendor compliance.

How Cosmo handles it

Request Cosmo's SOC 2 Type II report. Reference built-in controls: IP anonymization, variable exclusion, RBAC, HMAC-signed configuration, and SSO integration. Self-hosted Router keeps request data within the audit boundary.

Outcome

Vendor compliance section of the audit completed with documented controls and an existing certification.

Which compliance capability do you need?

If you are…Start here
Need to anonymize IP addresses in telemetry by defaultIP Anonymization
Preventing sensitive variables from appearing in tracesVariable Export Control
Masking response fields by user role without subgraph changesAdvanced Data Privacy
Deploying GraphQL in healthcare, finance, or governmentCompliance Certifications
Need SOC 2 Type II documentation for a vendor reviewCompliance Certifications
Exposing GraphQL to AI systems while protecting sensitive fieldsAdvanced Data Privacy

How Cosmo Compliance compares

CosmoApollo RouterDIY / subgraph-level
IP anonymization by defaultYes (all plans)ManualPer-service
Variable exclusion from tracesYes, default offManualManual
Field-level obfuscationCustom Modules (Pro/Enterprise)ManualPer-resolver
SOC 2 Type II certificationYesYesSelf-built
Self-hosted Router for data isolationYesYesN/A
Config integrity signingHMAC-SHA256N/AN/A

Why teams trust Cosmo for compliance

  • Privacy controls that activate by default. IP anonymization and variable exclusion work from the first request. There is no configuration step to remember.
  • One control point for every subgraph. Compliance logic at the router applies uniformly. Adding a new subgraph does not require a new round of privacy configuration.
  • Certifications that speed up vendor review. SOC 2 Type II, GDPR, HIPAA, and ISO 27001 support are documented and available. Regulated industry teams reach production faster.
Get started

Run compliant GraphQL federation on the Cosmo Router

Start FreeRead the Docs
Hub is live GraphQL Federation Reimagined. Design, Govern and Ship at scale.→

Certified & Compliant

SOC2 certifiedSOC 2 Type II
HIPAA CompliantHIPAA
ISO 27001 certifiedISO 27001
Platform Status →

© 2026 WunderGraph, Inc. All rights reserved.

Cookie PolicyCookie Preferences
RSSAtomJSON