Get a DemoStart Free TrialSign In

Security and Compliance

The security and privacy of your data is the biggest consideration in everything we do since you are placing your trust in our service. We want you to know that we have implemented security standards and operational processes using industry standards to protect your data. gives you all the tools and control over what data you send to our platform. You may configure your applications and infrastructure to only send the data you need.

  • ISO 27001 certified ELK logging and metrics company

    ISO 27001 Certified

  • GDPR compliant ELK logging and metrics company

    GDPR Compliant

  • HIPAA compliant ELK logging and metrics company

    HIPAA Compliant

  • SOC2 compliant ELK logging and metrics company

    S0C 2 Compliant

  • Controlled Data center access by CCTV

    Access to our facilities are protected by security staff with video surveillance

HTTPS and TLS secure connections uses HTTPS for all services using TLS (SSL) on our public website and the platform.

Data is transmitted securely from your system to using Transport Layer Security (TLS). We offer a range of endpoints, giving you the choice of the protocol used.

Our endpoints can require the use of unique API keys that are specific to each stack. API keys allow you to ingest data only from trusted sources. API Keys are managed and owned by you.

Data which contains restricted information can be filtered out before it leaves your infrastructure.

Send your Logging and Metrics data via SSL/TLS, Secure data in transit
Secure and authenticate your logging and metrics data

Secure Authentication

To get access to your data, your team may login to our secure web application through HTTPS. Users access their data through secure sessions encrypted using TLS.

We enforce best practices for password creation with rules including a minimum character count and the use of uppercase characters and digits.

We also offer our customers Federated Identity (FID) or Single Sign-On (SSO), including Google Sign-in, SAML, Otka, One Login and more.

Additionally, two factor authentication can be turned on to secure your account.

Role-Based Access Control

We give you control over which members of your organisation have access to your data, which stacks they are allowed to see, and which settings they are allowed to change through our internal role based access controls (RBAC).

Via our Managed OpenSearch service we also offer users Kibana read only & Dashboard read only roles with index, document and field level access restrictions.

Role Based Access control to you logging and metrics
ISO 27001 Compliance giving you the confidence in our commitment to security

Compliance and Certifications is audited by an ISO/IEC 27001:2013 UKAS certified auditor and is ISO/IEC 27001:2013 certified. ISO/IEC 27001:2013 is a standard for an Information Security Management System (ISMS), specifying the policies and procedures for all legal, physical, and technical controls used by an organisation to minimise risk to information.

It is’s policy to maintain an ISMS designed to meet the requirements of the ISO/IEC 27001:2013 standards in pursuit of its primary objectives, purpose and the context of the organisation. We also operate in compliance with GDPR, HIPAA, PCI and SOC 2. is also the only observability platform that operates in compliance with Cyber Essentials, an essential cybersecurity accreditation for UK based businesses.

Cyber Essentials is a government-backed compliance standard offered by the National Cyber Security Centre (NCSC) that enables companies to demonstrate that they have protected themselves against the most common causes of cyber-attacks.

To accomplish this we make use of industry leading security tools and best practices to ensure the highest level of security at You can request a copy of the certification from your sales representative.

Data Storage and Deletion

All data is encrypted at rest with AES-256, keys are rotated and monitored continuously. All of your logging and metrics data is permanently deleted at the end of your retention period or on deletion of a stack.

Elastic search logging and metrics data is encrypted at rest and securely deleted after your retention period
Full Incident response procedures

Incident response

We take security incidents very seriously. We will investigate the issues and seek to resolve them quickly. When a security issue has the potential to affect our customers, we will follow industry best practices for disclosure and notification. If you have questions, suggestions, or believe you have identified a vulnerability, please contact us directly at [email protected].

If you have any questions after reading this, or have any issues at all please get in touch.


Trusted By Thousands

Ready to get going?

Try our 14 day free trial

No credit card required + get 20% off any annual plan when you subscribe

Create Account

© 2024 Ltd, All rights reserved.