Netdata Cloud Security and Privacy Design
Executive Summary
- Netdata Cloud offers secure real-time monitoring without storing raw metrics.
- Only minimal metadata passes securely through Netdata Cloud.
Users retain full control of their data. - Infrastructure is protected with strong encryption, access control, and compliance with GDPR, CCPA, PCI DSS, SOC 2, and HIPAA standards.
- Netdata Cloud continuously evolves its security and privacy practices to meet the highest industry standards.
Introduction
Netdata Cloud enables secure real-time system insights without storing raw metrics.
Data passes through Netdata Cloud securely but isn't retained. Metric views and alerts from multiple Agents display as a unified dashboard in your browser.
User Identification and Authorization
Netdata Cloud requires only an email address for accounts.
Method | Details |
---|---|
Identification | Email via Google, GitHub, or short-lived tokens |
Credentials | No passwords stored |
Storage | Secure AWS storage; used for product and marketing |
Authentication uses third-party integrations or secure tokens. Netdata Cloud never stores credentials.
Data Storage and Transfer
Netdata Cloud stores no raw metrics, only essential metadata:
Metadata Stored | Source |
---|---|
Hostname | /api/v1/info endpoint |
Metric Metadata | /api/v1/contexts endpoint |
Alerts Configuration | /api/v1/alarms endpoint |
All metadata is stored in AWS and copied to Google BigQuery for analytics.
Metric data travels via secure Agent-Cloud Link (ACLK):
- ACLK encrypts data and activates only for claimed nodes
- All user-Cloud communication uses TLS encryption
ACLK Secure Data Flow
Data Retention and Erasure
Process | Details |
---|---|
Retention | Deleted content kept 90 days |
Self-Service | Modify/delete personal data via Cloud UI |
Manual Requests | Written deletion requests processed under data laws |
Users can delete accounts and data directly from their Netdata Cloud profile.
Infrastructure and Authentication
Netdata Cloud uses Infrastructure as Code (IaC).
Feature | Implementation |
---|---|
Infrastructure Changes | Managed via Terraform |
Authentication | JWT tokens at TLS termination points |
Microservices Isolation | Complete environment separation |
Netdata Cloud never stores user credentials.
Security Features and Incident Response
Built-in security protections include:
Feature | Details |
---|---|
Infrastructure Dashboards | Centralized monitoring/alerting |
Audit Logs | Role-based access tracking |
DDoS Protection | Rate-limiting and blacklisting |
Secure Development | Static analyzers and secure coding |
Security vulnerabilities follow a structured process:
- Acknowledge within three business days
- Analyze and fix promptly
- Maintain communication with reporters
See Netdata's GitHub Security Policy for details.
User Customization
Netdata Cloud uses maximum security defaults without out-of-box customization.
Per-contract customization options include:
- Custom SSO
- Custom retention policies
- Advanced access controls
- Tailored audit logs
- Third-party security tool integration
Contact Netdata Sales for enterprise solutions.
Deleting Personal Data
Users can delete personal data by:
- Logging into Netdata Cloud
- Accessing Profile settings
- Initiating account deletion
If self-service isn't available, submit written requests processed under applicable laws.
User Privacy and Data Protection
Netdata Cloud prioritizes privacy and data protection, continuously reviewing and updating privacy and security practices.
Category | Details |
---|---|
Data Collection | • Email Address (account, communication, analytics) • IP Address (web proxy access logs) |
Data Usage | • Stored in AWS databases • Copied to BigQuery for analytics • Used for product improvement • With consent, tracking via Google Analytics, Posthog, and Gainsight PX • Stripe for secure payment handling |
Data Sharing | • No selling or sharing of personal data • Third-party services: Google Cloud/AWS (infrastructure), Stripe (payments), Analytics services |
Data Protection | • Encrypted ACLK for all infrastructure data • TLS encryption for all user-Cloud communication |
User Control | • Access personal data • Correct inaccuracies • Retrieve personal data • Delete accounts • Note: Temporary maintenance may limit access |
Compliance | • Full compliance with GDPR and CCPA |
Data Transfer | • Secure, encrypted WebSocket (WSS) connections for all transfers |
Tracking Technologies | • With consent: analytical cookies tracked via Google Analytics, Posthog, and Gainsight PX |
Data Breach Protocol | • Follows DPA guidelines and industry timelines • User notifications as required by data protection laws • Continuous review and updates to privacy and security practices |
Do you have any feedback for this page? If so, you can open a new issue on our netdata/learn repository.