Data Security /
Sensitive Data (PII)
Honeycomb Secure Tenancy offers two options to address your security/compliance requirements while delivering access to the fine-grained observability that you need. Both options make use of the Honeycomb Secure Proxy running in your infrastructure. No plaintext data ever traverses Honeycomb’s infrastructure and the Honeycomb UI presents complete transparency to authorized members of your team. You have complete control of key rotation and reissuance down to the columnar level from within your own infrastructure.
- With Event Encryption, your datasets are encrypted and the keys are stored in a database on the Secure Proxy running in your infrastructure. When an authorized user accesses Honeycomb, their web browser connects to the Secure Proxy directly and the data is unencrypted for them. Honeycomb never has access to the sensitive data in plaintext.
- With Event Hashing, your datasets are hashed and the hash mappings are stored in a database on the Secure Proxy running in your infrastructure. When an authorized user accesses Honeycomb, their browser sends the hashed data to the Secure Proxy running in your environment and receives the un-hashed data back. Again, no plaintext data reaches Honeycomb.
Certifications and Compliance
We’re committed to maintaining best-practices for ensuring security, availability, and confidentiality.
SOC2: Type 1
As part of this effort, Honeycomb underwent an independent audit and received a SOC2 Type I report in August of 2018. The Type I report evaluates our security and operational practices against a set of standards defined in the Trust Services Principles and Criteria.
SOC2: Type II
We are currently in the process of pursuing the SOC 2 Type II report, which will verify our consistent application of the Trust Services Principles and Criteria over time. By periodically holding ourselves accountable to a third party, we hope to provide transparency to our customers and support our ongoing efforts to provide a secure and reliable environment for customer data.
We completed a penetration test as part of our SOC 2 process and can furnish findings to customers as required.
We are GDPR compliant, and offer a standard DPA to customers.
We will gladly explore custom BAAs and DPAs with our customers when required.
Bug Bounty Program
We encourage responsible disclosure of security vulnerabilities through our bug bounty program. This page attempts to cover the most anticipated basic features of our policy; however the devil is always in the details, and it is not practical to cover every conceivable detail in advance. Whenever there is any room for interpretation or judgment, we will rely on our own discretion, informed by the circumstances and your actions.