Security and privacy at Lightstep
Lightstep’s Satellite Architecture is purpose-built to provide security and protect privacy.
- You control what data is sent to Lightstep. Data is sent from customer systems to LightStep satellites via explicit source code instrumentation that uses open source instrumentation libraries. Only data that customer engineers choose to send will ever leave the process and be reported to the Lightstep satellites.
- You control how long data is retained. Customers control the retention period for raw traces (representing an individual request).
- We do not collect PII or other sensitive customer data. Lightstep satellites have data scrubbing capability to remove sensitive data before it can leave the data center. Scrubbed data will never be sent out of the VPC, will not be accessible to queries from the Lightstep system, and will never be visible in the Lightstep user interface or exist in memory or durable data stores in the Lightstep system.
- Satellites can be hosted on premises. You have more control over your data. This includes network controls, closed system data ingress, and private satellite keys.
Combining complete system visibility with end-to-end security.
- Encryption in Transit and At Rest: All data sent to and stored by Lightstep is encrypted.
- Satellite Architecture: Defense-in-depth control of telemetry within your datacenter.
- SSO with SAML: Manage team access with your SAML identity provider.
- Role-Based Permissions: ontrol access to data, settings, and Lightstep features.
- Continuous Scanning and Testing: Lightstep uses a variety of tools and vendors – including vulnerability scanning, web application scanning, and penetration testing – to help keep our systems secure.
- SOC 2 Compliance: Lightstep uses the American Institute of Certified Public Accountants (AICPA) SOC 2 standard for measuring the security, confidentiality, and availability of our services. Our SOC 2 Type 2 report describes how we protect our customers’ data using technical and organizational controls to manage risk and oversee day-to-day operations.
Lightstep is compliant with the General Data Protection Regulation (GDPR). Our products, processes, and procedures meet obligations as a data processor. You can find our subprocessors here.