Compliance & Data Privacy | Honeycomb

Honeycomb is committed to maintaining best practices for ensuring security, availability, and confidentiality, so we maintain and meet the requirements for multiple compliance frameworks and certifications.

Our product and services are vetted by independent security professionals, and we give our customers the right to audit. To learn more, visit our Terms of Service. For enterprise customers, we also provide audit logging, which allows you to see who or what caused changes to specific resource configurations.

To view a full list of certifications and compliance, visit Application & Data Security.

Regulatory Frameworks 

Honeycomb complies with various regulatory frameworks that exist on national and international levels.


Honeycomb is GDPR compliant, and we offer a standard data processing agreement through our Terms of Service. For enterprise customers who have compliance requirements under GDPR, we will also enter into a more comprehensive data processing agreement.

Customers may choose a US-based or an EU-based location where Honeycomb will store the data they send. Customers can access the US data location via (for the UI) and (for the API). Customers can access the EU location at (for the UI) and (for the API).

Unlike some other vendors, Honeycomb only has access to the telemetry data that customers send. To learn how to avoid sending PII via OpenTelemetry, visit Scrubbing Sensitive Information. To learn how to mask PII using the OpenTelemetry Collector, visit Securing the OpenTelemetry Collector.

If you would like to learn more about what type of data we collect, why we collect data, and how we use the data we collect, visit the Honeycomb Privacy Policy.

To learn about our subprocessors, visit Honeycomb Subprocessors.

To make a GDPR rights request, email

To learn more about GDPR, visit General Data Protection Regulation.


As defined by the US HIPAA and HITECH legislation, Honeycomb is considered a Business Associate. We will sign a Business Associate Agreement (BAA) with Pro/Enterprise customers who have compliance requirements under HIPAA/HITECH.

Honeycomb security controls are specifically designed for customers dealing with sensitive data like PHI. To reduce PHI transfer, we also strongly encourage customers to replace names and emails with an obfuscated external ID number.

To learn more about HIPAA, visit Health Information Privacy. To learn more about HITECH, visit HITECH Act Enforcement Final Rules.


Although Honeycomb as a service is not intended to process payment card information for customers, we use a well-known payment processor and complete a Self Assessment Questionnaire (SAQ) and Attestation of Compliance (AOC) biannually.

Compliance Frameworks 

Honeycomb voluntarily conforms to additional compliance frameworks to ensure we evolve robust processes and establish a strong security posture.

SOC 2 Type II 

Every year, Honeycomb undergoes an independent audit for our SOC 2 Type II report, which verifies our consistent application of the AICPA trust principles. We can provide a copy of our SOC 2 report upon request to customers who have agreed to our Terms of Service.

As part of our SOC 2 program, we regularly undergo penetration testing by an independent security firm and can provide a summary to customers as required.

To learn more about SOC 2 Type II, visit SOC 2® - SOC for Service Organizations: Trust Services Criteria.

CSA STAR Level 1 

Honeycomb completes a CSA Consensus Assessments Initiative Questionnaire (CAIQ) annually and can provide a copy of our CAIQ to Pro/Enterprise users upon request.

To learn more about CSA STAR, visit Security, Trust, Assurance and Risk (STAR).

ISO/IEC 27001 

Honeycomb provides its services in ISO/IEC 27001 certified environments, including Amazon Web Services (AWS) and Google Cloud Platform (GCP). Honeycomb reviews Amazon and GCP on an annual basis to confirm their ongoing adherence to ISO/IEC 27001 controls. To see details of AWS’s ISO/IEC 27001 certification, visit ISO/IEC 27001:2013. To see details about GCP’s ISO/IEC 27001 certification, visit ISO/IEC 27001.

To learn more about ISO 27001, visit ISO/IEC 27001.

Amazon Web Services (AWS) Foundational Technical Review 

As an Amazon Web Services (AWS) Partner, Honeycomb conducts a self-service review every two years to guarantee that we reduce risks around security, reliability, and operational excellence by following AWS best practices specific to our product.