Customer Snowflake account
- Native App runtime on Snowpark Container Services
- Application state in Snowflake Hybrid Tables
- Customer-owned source tables, views, and policies
- Optional Cortex calls from the consumer environment
Security architecture
EntryLayer Native App information flow
This page is a public reviewer URL for Snowflake Marketplace security review. It shows where EntryLayer runs, where application state lives, how source data is read, and which limited metadata can leave the consumer account.
Diagram
Customer-account runtime, customer-account state.
EntryLayer is installed as a Snowflake Native App. The reviewed application package supplies the containers; runtime behavior, application state, source reads, and administrator operations happen inside the customer Snowflake environment.
Formless Logic provider boundary
Marketplace listing and reviewed app package Container images, manifest, setup SQL, service spec, and security review artifacts
Installs reviewed package into customer account
Customer Snowflake account
Users Browser / Snowsight session
Authenticated operators, builders, reviewers, and admins.
Authenticated UI requests
Public endpoint Web container
EntryLayer UI served from the Native App service.
Internal API calls
Internal service API container
Project, workflow, access, source, and billing logic.
Application state Snowflake Hybrid Tables
Projects, forms, submissions, memberships, audit history, and access logs.
Source data Customer Snowflake tables and views
Caller-rights reads preserve supported Snowflake grants, masking policies, and row access policies.
Optional helper Snowflake Cortex
Used for form generation through Snowflake when enabled.
API writes and reads app state
API reads supported sources as the signed-in user
API may request Snowflake-hosted generation help
Anonymous seat-day billing metadata only
Snowflake Marketplace billing
Billing events Billing month, seat days, days in month, monthly unit price cents, and calculation version.
Boundaries
What each boundary contains.
The provider boundary supplies the reviewed package and support process. The customer boundary is where runtime, state, source access, and operational work occur.
Formless Logic provider boundary
- Marketplace listing and application package
- Immutable container images submitted for review
- Support and Product Security communication
Data flow matrix
Reviewer-readable information flows.
These are the normal product flows to evaluate for Marketplace approval. Source data and application state are not copied to a provider-hosted SaaS database.
Source
Destination
Payload
Residency
Browser / Snowflake session
EntryLayer web endpoint
Authenticated UI requests and operator actions
Customer account runtime
Web container
API container
Internal application requests
SPCS service boundary
API container
Hybrid Tables
Projects, form versions, submissions, memberships, access logs, and workflow history
Customer Snowflake account
API container
Customer Snowflake sources
Caller-rights reads where supported by the source type
Customer Snowflake account
API container
Snowflake Marketplace billing
Anonymous seat-day and proration metadata only
Snowflake billing plane
Components
Runtime components reviewers should inspect.
- Web endpoint
- Public SPCS endpoint for the browser UI.
- API service
- Internal backend service that handles project, workflow, source, and billing operations.
- Hybrid Tables
- Primary application state store inside the consumer account.
- Caller-rights source reads
- Reads supported customer-owned Snowflake sources through the signed-in user context.
- Cortex connection
- Optional form-generation helper that runs through Snowflake, not provider-owned external APIs.
- Billing event path
- Uses Snowflake Marketplace billing metadata without business payloads.
Does not flow
No provider-side customer-data path is required for normal use.
- No provider-owned external API is required for normal product behavior.
- No EXTERNAL_ACCESS_INTEGRATION or NETWORK_RULE is used for provider API egress.
- No provider-hosted source-data copy is required for normal product use.
- No usernames, emails, project names, source table names, row values, PII, PHI, or business payloads are included in billing events.
- No mandatory event sharing is required for the product trust posture.
Questionnaire answer
Architecture diagram URL for Snowflake review
Provide this page as the architecture diagram link in the Native Apps Security Questionnaire.
https://entrylayer.ai/security/architecture