Security

Enterprise-Grade Protection

Signal Atlas is built from the ground up with security as a core principle. Your observability data is protected at every step.

Encryption in Transit

All data transmitted between your systems and Signal Atlas is encrypted using TLS 1.3.

Encryption at Rest

All stored data is encrypted using AES-256 encryption with regularly rotated keys.

Least-Privilege Access

We request only read-only API access to your APM platforms. No write or delete permissions.

Org Isolation

Complete data isolation between organizations. Your data is never commingled with other customers.

Data Handling

Your Data, Your Control

Signal Atlas processes observability metadata to generate financial insights. We are thoughtful about what data we collect and how long we retain it.

What We Collect

  • Infrastructure Metadata — Host names, counts, and resource allocations
  • License Information — Entitlements, utilization rates, and billing data
  • Consumption Metrics — Usage patterns and trend data

What We Don't Collect

  • ✗ Application traces or spans
  • ✗ Log contents or payloads
  • ✗ Customer or end-user PII
  • ✗ Source code or application data

Data Retention Policy

Trial Accounts 7 Days

Data automatically deleted after trial expiration

Starter Plan 6 Months

Historical analysis and trend data

Growth & Enterprise 1 Year

Extended retention for year-over-year analysis

Account Deletion 30 Days

All data permanently deleted within 30 days of account closure

API Access Model

Read-Only by Design

Signal Atlas connects to your APM platforms using the principle of least privilege.

What We Can Do

  • • Read host and agent inventories
  • • Query license and entitlement data
  • • Access usage and consumption metrics
  • • Retrieve billing-related metadata

What We Cannot Do

  • • Modify configurations or settings
  • • Create, update, or delete resources
  • • Access application-level data
  • • Change alerting or monitoring rules

Credential Security

API credentials you provide are encrypted at rest and never logged. We recommend using scoped API tokens with read-only permissions and regular rotation. You can revoke Signal Atlas access at any time by invalidating the API credentials in your APM platform.

Questions About Security?

We're happy to discuss our security practices in detail. For enterprise customers, we can provide additional documentation and work with your security team.

Contact Security Team security@opengate-ai.com

Ready to get started securely?

Start your free trial with confidence. Enterprise-grade security from day one.

Get Started Request Demo