Security

this section consolidates frequently asked questions about resolve ai’s data security and compliance practices security certifications resolve ai is soc2 type 2, hipaa, and gdpr compliant visit the trust center https //trust resolve ai/ to request more details overview resolve ai is designed with a security first approach read only access to observability data redaction of sensitive information customer specific data isolation soc 2 compliance and ongoing audits strong encryption and sso support data privacy data is never used to cross train our ai/ml models or improve services for other customers data may be used for in context learning to enhance the experience of the customer to whom the data belongs we are committed to ensuring that customer data is only leveraged to benefit the originating customer , maintaining strict isolation and privacy standards at all times data access and permissions q what data does resolve ai access in customer environments? resolve ai accesses observability data (logs, metrics, traces, alerts, dashboards) and change events (deployments, feature flags, commits) to investigate incidents by default, it uses read only credentials scoped to the minimum required datasets q does resolve ai need production write permissions? no resolve ai only requires read only access to observability platforms (ex datadog, grafana, tempo, sentry, new relic) write access is never requested q how are permissions managed? all integrations use customer provided credentials (api keys, oauth, or service accounts) credentials are scoped by the customer and can be revoked at any time, leaving customers in total control of what resolve can access resolve ai can optionally integrate with source code, runbooks, and other data sources, and all permissions are read only data handling & privacy q what data is stored? resolve ai stores only the minimum data needed for investigations raw telemetry (logs, traces, metrics) is queried live and not retained summaries and metadata may be cached for investigation continuity, stored securely in customer specific environments q does resolve ai redact sensitive data? yes resolve ai applies regex based redaction for sensitive fields (pii, secrets, tokens) customers can configure additional patterns in deployments with the resolve satellite, sensitive span attributes are automatically stripped before leaving the customer’s environment q is data shared across customers? no customer data is siloed learning signals from investigations (ex improving log parsing prompts) are generalized and stripped of sensitive information before reuse deployment & infrastructure q how is resolve ai deployed? resolve ai offers cloud hosted saas satellite (containerized agent) deployed in customer clusters to access local telemetry, enforce data redaction, and proxy observability queries securely q how does the satellite handle data? the satellite scrapes kubernetes apis and dns tap proxies queries to observability backends applies redaction policies before transmitting data to resolve ai’s cloud q what happens if the satellite is misconfigured? satellites and scraping integrations require explicit environment configuration (prod, staging, etc ) misconfigured integrations fail creation rather than defaulting to a non existent “default” environment compliance & certifications q is resolve ai compliant with soc 2, hipaa, gdpr? yes you can request via the trust center trust resolve ai soc 2 type 2 compliant hipaa compliant gdpr compliant, including data deletion security controls q is data encrypted at rest? yes, with aes 256 encryption q is data encrypted in transit? yes all traffic between customer environments, resolve ai satellite, and resolve ai cloud uses tls 1 2+ q does resolve ai support sso? yes resolve ai supports saml and oidc based sso for customer users customer responsibilities q what should customers do to ensure security? scope api keys to read only permissions configure redaction rules for pii/secrets regularly audit and rotate credentials set up sso for user authentication verify satellite environment configuration