Security at Trace0
Security and data protection are fundamental to how Trace0 is designed and operated. We understand that observability data may contain sensitive operational and application information, and we treat it accordingly.
Infrastructure & Hosting
Trace0 is hosted on Amazon Web Services (AWS), leveraging secure, managed cloud infrastructure designed for high availability, durability, and resilience.
Trace0 currently operates exclusively within the AWS eu-west-1 (Dublin, Ireland) region. All customer data is stored and processed within this region. If you require your data to be stored in a different AWS region, please contact us at hello@trace0hq.com to discuss your requirements.
All production systems are deployed in isolated cloud environments with strict network controls and minimal exposure to the public internet.
Encryption
Encryption in Transit
All data transmitted to and from Trace0 is encrypted using industry-standard TLS 1.2+.
This includes:
- Data ingestion endpoints
- Web application traffic
- Internal service-to-service communication
Unencrypted connections are not permitted.
Encryption at Rest
Customer data is encrypted at rest using strong encryption standards (AES-256) provided by AWS.
Encryption covers:
- Logs
- Traces
- Metrics
- Metadata
- Backups
Encryption keys are securely managed using AWS.
Data Retention & Minimization
Trace0 retains observability data for 30 days by default.
After the configured retention period:
- Data is permanently deleted from active systems
- No long-term archival copies are retained
We believe in minimizing long-term data exposure and limiting the blast radius of any potential incident.
Access Control
Access to production systems is restricted to authorized personnel only and granted on a least-privilege basis.
We enforce:
- Strong authentication controls
- Role-based access within the application
- Restricted administrative access to infrastructure
- Logged and auditable production access
Data Isolation
Customer data is logically isolated by account and environment.
Access to one account does not grant access to another. All API access is authenticated and scoped to the requesting environment.
Application Security
Trace0 follows modern secure development practices, including:
- Code review before deployment
- Infrastructure-as-code for reproducible environments
- Segregation of production and non-production environments
- Controlled deployment pipelines
Security updates and patches are applied promptly to underlying infrastructure and dependencies.
Incident Response
Trace0 maintains internal processes for identifying, responding to, and resolving security incidents.
If a security event were to impact customer data, affected customers would be notified in accordance with applicable laws and contractual obligations.
Responsible Disclosure
We welcome responsible disclosure of security vulnerabilities.
Please contact: hello@trace0hq.com
We will acknowledge receipt and investigate promptly.
Compliance Roadmap
Trace0 is committed to evolving its security posture as the company grows and customer requirements expand. Formal compliance certifications are part of our long-term roadmap.