Honeycomb is a secure product.
To learn more about our certifications and compliance, visit our Honeycomb Trust Center.
How We Secure Your Data
All data is encrypted at rest and in transit.
We delete data as it exceeds your retention window (60 days for most customers).
You can delete datasets at any time. For more fine-grained deletion (a single column, for instance) contact Support via support.honeycomb.io, or email at support@honeycomb.io.
Your API Keys authenticate data ingestion.
A team owner can create, enable, and disable API keys for each environment in their team.
If you send data using a disabled or invalid API Key, our API server will reject your events.
How We Secure Our Infrastructure
The Honeycomb network is architected using modern best practices for tunneling, separate VPCs, encryption at rest and in transit.
All storage nodes are unreachable from the internet.
Only web services (API, UI) are reachable from the internet at all, and then only through ELB TLS ports.
Nothing is transmitted unencrypted over public networks.
Our entire infrastructure is auto-scalable, which lets us roll our entire infrastructure in ~60 minutes (~10 minutes for our forward-facing web nodes) when critical security patches are released.
How We Secure Our Integrations
Our various integrations (agents and SDKs) do not run as root and cannot be controlled remotely.
All our integrations are 100% open-source so you can examine them to your heart’s content.
AWS PrivateLink
For Honeycomb Enterprise users with services hosted on AWS, we provide an AWS PrivateLink connection to the Honeycomb API. This may help limit data egress and make network security configuration more straightforward.
