The recent advancement of serverless computing in the widespread deployment of applications prompts the need to protect serverless workflows against cloud vulnerabilities and threats. We propose PrivFlow, a workflow-centric, privacy preserving framework to protect the information flow in serverless computing applications in semi-honest (S-PrivFlow) and malicious (M-PrivFlow) adversarial settings. An Authenticated Data Structure is used to store the valid workflows encoded in the proposed format. The validation of workflows is performed in a privacy preserving manner that leaks no sensitive information to any unauthorized user. We focus on the two most prevalent attacks on the serverless cloud platforms, namely the Denial-of-Wallet and Wrong Function Invocation attacks. We demonstrate that PrivFlow mitigates both of these attacks. Further, we evaluate PrivFlow on the popular benchmark application- Hello Retail, and a customized scaled application. Though the comparison with the state-of-the-art approaches in terms of the runtime performance shows a latency of 1.6 times for S-PrivFlow and 8 times for M-PrivFlow, the PrivFlow provides high security and privacy. PrivFlow acts as a wrapper to the application resulting in no change to the source code.