Security & Data Protection

Honeycomb is a secure product. To learn more about our certifications and compliance, visit Compliance & Data Privacy or Application & Data Security on honeycomb.io.

How We Secure Your Data

All data is encrypted at rest and in transit.
We delete data as it exceeds your retention window (60 days for most customers).
You can delete datasets at any time. For more fine-grained deletion (a single column, for instance) contact Support via support.honeycomb.io, or email at support@honeycomb.io.
Your API Keys authenticate data ingestion.
- A team owner can create, enable, and disable API keys for each environment in their team.
- There is a limit of 100 API keys per team. This can be increased by request through Support via support.honeycomb.io, or email at support@honeycomb.io.
- If you send data using a disabled or invalid API Key, our API server will reject your events.

The Honeycomb network is architected using modern best practices for tunneling, separate VPCs, encryption at rest and in transit.
All storage nodes are unreachable from the internet.
Only web services (API, UI) are reachable from the internet at all, and then only through ELB TLS ports.
Nothing is transmitted unencrypted over public networks.
Our entire infrastructure is auto-scalable, which lets us roll our entire infrastructure in ~60 minutes (~10 minutes for our forward-facing web nodes) when critical security patches are released.

Our various integrations (agents and SDKs) do not run as root and cannot be controlled remotely.
OpenTelemetry sends encrypted traffic by default.
All our integrations are 100% open-source so you can examine them to your heart’s content.

For Honeycomb Enterprise users with services hosted on AWS, we provide an AWS PrivateLink connection to the Honeycomb API. This may help limit data egress and make network security configuration more straightforward.