We at IOpipe understand that securing our product, our software, and protecting our user's data is a critical requirement. To this end, we design with a security-first mindset. Everywhere inside IOPipe, we use a continuous integration pipeline that allows us to:
We use this CI pipeline, coupled with the latest in DevOps best practices, to provide a robust and secure platform that our users feel comfortable using as production infrastructure.
We use TLS encryption of every portion of the communication stream from our end users agent to, which communicate to our API, and to the endpoint of ingestion into our database.
All of our data, which resides in AWS Kinesis, AWS RDS, and AWS Elasticsearch, is encrypted at rest. We leverage the AWS KMS system to provide encryption keys for our active data and our archived data.
At IOpipe we restrict access to our data stores to internal employees, retain CloudTrail audit logs, and use two-factor authentication on all internal services.
IOpipe retains customer function invocation records for 30 days. For our enterprise plans, we have the flexibility to offer longer data retention times as needed.