Security
This section consolidates frequently asked questions about Resolve AI’s data security and compliance practices.

Security Certifications

Resolve AI is SOC 2 Type 2, HIPAA, and GDPR compliant. Visit https://trust.resolve.ai/ to request more details.

Overview

Resolve AI is designed with a security-first approach:

- Read-only access to observability data by default
- Human approval required before any write operation (alert silencing, PR creation)
- Redaction of sensitive information
- Customer-specific data isolation
- SOC 2 compliance and ongoing audits
- Strong encryption and SSO support

Data Privacy

- Data is never used to cross-train our AI/ML models or improve services for other customers.
- Data may be used for in-context learning to enhance the experience of the customer to whom the data belongs.
- We are committed to ensuring that customer data is only leveraged to benefit the originating customer, maintaining strict isolation and privacy standards at all times.

Data Access and Permissions

Q: What data does Resolve AI access in customer environments?
Resolve AI accesses observability data (logs, metrics, traces, alerts, dashboards) and change events (deployments, feature flags, commits) to investigate incidents. By default, it uses read-only credentials scoped to the minimum required datasets.

Q: Does Resolve AI need production write permissions?
By default, no — Resolve AI uses read-only access to observability platforms (e.g., Datadog, Grafana, Tempo, Sentry, New Relic) for investigations. Two optional features use write permissions when explicitly enabled by your organization:

- docid\ yepr14h5q9af55y9amsxf allows Resolve to propose alert silences or downtimes during investigations. Write permissions are used only to create or remove silences after a human explicitly approves the action.
- docid 6zb yhvarfwowrh48sby5 allows Resolve to propose pull requests with suggested fixes. PRs are created only after a human explicitly approves, and still require manual review and merge.

In both cases, the AI model that generates proposals never has direct access to write APIs. Proposals are evaluated by the AI, but execution only happens through a separate engine after human approval. All write actions are fully auditable. See docid\ yepr14h5q9af55y9amsxf for details on the safety model.

Q: How are permissions managed?
All integrations use customer-provided credentials (API keys, OAuth, or service accounts). Credentials are scoped by the customer and can be revoked at any time, leaving customers in total control of what Resolve can access. For investigation, all permissions are read-only. If your organization enables docid\ yepr14h5q9af55y9amsxf or docid 6zb yhvarfwowrh48sby5, you choose which integrations to upgrade with write permissions — and every write operation requires explicit human approval before execution.

Data Handling & Privacy

Q: What data is stored?
Resolve AI stores only the minimum data needed for investigations. Raw telemetry (logs, traces, metrics) is queried live and not retained. Summaries and metadata may be cached for investigation continuity, stored securely in customer-specific environments.

Q: Does Resolve AI redact sensitive data?
Yes. Resolve AI applies regex-based redaction for sensitive fields (PII, secrets, tokens). Customers can configure additional patterns. In deployments with the Resolve Satellite, sensitive span attributes are automatically stripped before leaving the customer’s environment.

Q: Is data shared across customers?
No. Customer data is siloed. Learning signals from investigations (e.g., improving log-parsing prompts) are generalized and stripped of sensitive information before reuse.

Deployment & Infrastructure

Q: How is Resolve AI deployed?
Resolve AI offers:

- Cloud-hosted SaaS
- Satellite (containerized agent) deployed in customer clusters to access local telemetry, enforce data redaction, and proxy observability queries securely

Q: How does the satellite handle data?
The satellite:

- Scrapes Kubernetes APIs and DNS tap
- Proxies queries to observability backends
- Applies redaction policies before transmitting data to Resolve AI’s cloud

Q: What happens if the satellite is misconfigured?
Satellites and scraping integrations require explicit environment configuration (prod, staging, etc.). Misconfigured integrations fail creation rather than defaulting to a non-existent “default” environment.

Security Controls

Q: Is data encrypted at rest?
Yes, with AES-256 encryption.

Q: Is data encrypted in transit?
Yes. All traffic between customer environments, Resolve AI satellite, and Resolve AI cloud uses TLS 1.2+.

Q: Does Resolve AI support SSO?
Yes. Resolve AI supports SAML and OIDC-based SSO for customer users.

Customer Responsibilities

Q: What should customers do to ensure security?
- Scope API keys to the minimum required permissions — read-only for investigation, and write permissions only for integrations where you have enabled docid\ yepr14h5q9af55y9amsxf or docid 6zb yhvarfwowrh48sby5
- Configure redaction rules for PII/secrets
- Regularly audit and rotate credentials
- Set up SSO for user authentication
- Verify satellite environment configuration
- Review the docid\ yepr14h5q9af55y9amsxf to audit all write actions taken through Resolve
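
One way to check regex redaction rules before relying on them, added here as an example (it is not Resolve AI's code or configuration format): plant known sensitive values in sample telemetry, apply baseline plus custom patterns, and list whatever survives. The patterns, attribute key names, sample logs and the `CUST-` identifier format are all constructed assumptions.

```python
import re

# Baseline rules, constructed for this example (not a vendor rule set).
DEFAULT_PATTERNS = {
    "email": r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}",
    "bearer_token": r"(?i)\bbearer\s+[A-Za-z0-9._~+/=-]{16,}",
    "aws_access_key_id": r"\bAKIA[0-9A-Z]{16}\b",
}
# Attribute keys whose values are dropped outright (hypothetical key names).
SENSITIVE_KEYS = re.compile(r"(?i)password|secret|token|authorization|api[_-]?key")

# Constructed sample telemetry and the sensitive values planted in it.
SAMPLE_LOGS = [
    "login ok user=jane.doe@example.com account=CUST-482913",
    "upstream call Authorization: Bearer 9f8e7d6c5b4a39281706f5e4d3c2b1a0",
    "s3 client init key=AKIAIOSFODNN7EXAMPLE region=us-east-1",
]
SAMPLE_SPAN = {"http.route": "/v1/orders", "http.status_code": 200,
               "db.password": "hunter2-constructed",
               "user.note": "contact jane.doe@example.com"}
CANARIES = ["jane.doe@example.com", "CUST-482913", "AKIAIOSFODNN7EXAMPLE",
            "9f8e7d6c5b4a39281706f5e4d3c2b1a0", "hunter2-constructed"]


def build_redactor(custom_patterns=None):
    """Compile baseline plus customer-supplied regexes into two redaction functions."""
    rules = {**DEFAULT_PATTERNS, **(custom_patterns or {})}
    compiled = {name: re.compile(rx) for name, rx in rules.items()}

    def redact_text(text):
        for name, pattern in compiled.items():
            text = pattern.sub(f"[REDACTED:{name}]", text)
        return text

    def redact_attributes(attrs):
        # Drop sensitive keys entirely; scrub string values of the rest.
        return {k: redact_text(v) if isinstance(v, str) else v
                for k, v in attrs.items() if not SENSITIVE_KEYS.search(k)}

    return redact_text, redact_attributes


def surviving_canaries(custom_patterns=None):
    """Redact the samples and return every planted value still visible."""
    redact_text, redact_attributes = build_redactor(custom_patterns)
    output = [redact_text(line) for line in SAMPLE_LOGS]
    output.append(repr(redact_attributes(SAMPLE_SPAN)))
    return [c for c in CANARIES if any(c in item for item in output)]
```

With the baseline rules alone, `surviving_canaries()` reports the constructed account identifier as still visible; passing `{"customer_id": r"\bCUST-\d{6}\b"}` closes that gap, which is the kind of organization-specific format a custom pattern has to cover.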