Security & Privacy
Your data. Your control.
OperatorMesh is built for on-call engineers who paste real production logs. We take that trust seriously. Here's exactly what happens to your data — no vague claims, no fine print surprises.
How your data is handled
Your input → Encrypted transport: TLS 1.3 — encrypted end-to-end in transit
AI analysis → Enterprise AI infrastructure: In-memory only — processed, never stored by AI layer
Your results → Your account history: Your data only — isolated per account, deletable anytime
Webhook alerts → AI → Slack delivery: Zero retention — never written to disk or database
Data retention by channel
🔔 Webhook / Slack alerts
Logs sent via PagerDuty, Datadog, or Grafana webhooks are processed entirely in memory. Results are delivered to Slack. Nothing is written to disk or database.
✓ Zero retention — processed in memory, discarded immediately
📊 Dashboard analyses
Triage inputs and results are saved to your account history so you can review, share, and track patterns over time. This is a feature — your data, your history.
✓ Stored in your account only — never shared, never sold, deletable anytime
🤖 AI processing layer
Your input is sent to our enterprise-grade AI infrastructure for analysis. We use multiple redundant AI providers with strict data handling agreements. Inputs are not used to train any AI model.
→ Not used for training · Enterprise AI providers with data handling agreements · Short-term trust & safety retention by providers
🔄 Redundant AI fallback
For maximum reliability, we maintain multiple AI provider integrations. If the primary provider is unavailable, requests automatically fall back to a secondary provider with equivalent data handling standards.
→ Fallback only · Same data handling standards · Zero additional retention by OperatorMesh
Security posture
🔐 Encryption everywhere (LIVE)
All data in transit encrypted via TLS 1.3. Data at rest encrypted with AES-256. API keys stored as environment variables — never in code.
🛡️ Row Level Security (LIVE)
Row Level Security enforced on all tables. Users can only read and write their own data. No cross-account data access is possible at the database level.
⚡ Rate limiting (LIVE)
IP-based rate limiting on all API endpoints. 15 requests per minute per IP. Bot protection via request signing. Prevents abuse and runaway API costs.
🏗️ Enterprise infrastructure (LIVE)
Hosted on SOC2 Type II certified cloud infrastructure. Serverless architecture by design — no exposed databases, no self-managed servers, minimal attack surface.
🔑 Authentication (LIVE)
JWT-based authentication. Secure session handling. Email verification required. Password reset via secure email link. No plain-text passwords stored.
🗑️ Data deletion (LIVE)
Delete individual analyses from your dashboard at any time. Request full account deletion by emailing founder@operatormesh.com — processed within 48 hours.
What we never do
✕ Never sell your data
Your incident logs, error messages, and triage results are never sold, licensed, or shared with third parties for commercial purposes.
✕ Never train AI on your data
OperatorMesh does not use your triage inputs to fine-tune or train any AI model. Our AI provider agreements explicitly prohibit training on customer API data. Your incidents are yours.
✕ Never share across accounts
Row Level Security ensures your analyses are invisible to other users. No aggregated anonymised sharing without explicit opt-in.
✕ Never store webhook logs
Alerts triggered via Datadog, PagerDuty, Grafana, Sentry or custom webhooks are processed in-memory and immediately discarded. Zero retention for webhook-triggered analyses.
Data Processing Agreement (DPA)
A DPA is available for teams and enterprise customers who require one for compliance purposes (GDPR, SOC2, vendor reviews). Email us and we'll turn it around within 24 hours.
Security roadmap
SOC2 Type II certified infrastructure — inherited from infrastructure providers (LIVE)
TLS 1.3 + AES-256 encryption — all data in transit and at rest (LIVE)
Row Level Security — enforced on all tables (LIVE)
SSO / SAML — single sign-on for enterprise teams (Q3 2026)
Audit logs — full activity log for enterprise accounts (Q3 2026)
OperatorMesh SOC2 Type II — own certification (2027)
🔍 Responsible Disclosure
Found a security vulnerability? We take all reports seriously and respond within 24 hours. Please email security@operatormesh.com with details. We will acknowledge receipt, investigate promptly, and credit researchers who report valid findings. Please do not publicly disclose vulnerabilities before we have had a chance to address them.
Questions about security?
We answer security questionnaires personally. If you need a vendor review, custom DPA, or have specific compliance requirements — reach out directly.