Trust center
Short-form answers for enterprise procurement, security review, and vendor onboarding. Contract-specific controls should be confirmed during security review.
Yes. Organizations support owner, admin, and member roles, team roles, and fine-grained permission overrides.
Yes. Access, monitor, service, routing, alert, API key, incident, review, report, integration, and on-call changes are written to the audit log.
Raw telemetry API keys are shown once at creation. The stored credential is a SHA-256 hash with revocation metadata.
Yes. Ingested telemetry, monitor data, services, reports, and incidents are stored under the authenticated organization context.
Yes. Telemetry ingest, agent ingest, heartbeat, and GitHub webhook endpoints use DB-backed rate limits.
Integrations display configured, connected, failed, disabled, or not connected. Connected means a provider accepted delivery or GitHub sent a valid signed webhook.
No formal certification is claimed on this site. Current pages describe implemented controls and readiness work precisely.
Yes. The Reports area provides CSV/PDF exports and saved report snapshots, and audit logs can be exported as CSV or JSON when enabled by policy.
Yes. Organization owners can request tenant exports or deletion workflows from Policies. Requests are audit logged and processed by the worker.
Yes. Routing includes escalation policies, maintenance windows, on-call schedules, responder members, and temporary overrides.
Yes. Public trust-center pages summarize subprocessors, retention categories, and review expectations.