Security and Privacy at Lightstep
Lightstep’s Satellite Architecture is purpose-built to provide security and protect privacy.
Observability and Security at Scale
- You control what data is sent to Lightstep. Data is sent from customer systems to LightStep satellites via explicit source code instrumentation that uses open source instrumentation libraries. Only data that customer engineers choose to send will ever leave the process and be reported to the Lightstep satellites.
- You control how long data is retained. Customers control the retention period for raw traces (representing an individual request).
- We do not collect PII or other sensitive customer data. Lightstep satellites have data scrubbing capability to remove sensitive data before it can leave the data center. Scrubbed data will never be sent out of the VPC, will not be accessible to queries from the Lightstep system, and will never be visible in the Lightstep user interface or exist in memory or durable data stores in the Lightstep system
- Satellites can be hosted on premises. You have more control over your data. This includes network controls, closed system data ingress, and private satellite keys.
Combining complete system visibility with end-to-end security.
- Encryption in Transit and At Rest: All data sent to and stored by Lightstep is encrypted
- Satellite Architecture: Defense-in-depth control of telemetry within your datacenter
- SSO with SAML: Manage team access with your SAML identity provider
- Role-Based Permissions: Control access to data, settings, and Lightstep features
- Continuous Scanning and Testing: Lightstep uses a variety of tools and vendors – including vulnerability scanning, web application scanning, and penetration testing – to help keep our systems secure.
- SOC 2 Aligned: We follow best practices and maintain careful controls to protect your data.
Lightstep and GDPR
Lightstep is compliant with the General Data Protection Regulation (GDPR). Our products, processes, and procedures meet obligations as a data processor. You can find our subprocessors here.