Skip to main content
Tero Trust Center
Tero analyzes your observability telemetry to identify waste and suggest optimizations. This requires access to some of your data. This section explains what we see, what we store, how we protect it, and how you stay in control.

Progressive Trust

You don’t have to trust us on day one. Start with read-only access and add capabilities as you gain confidence. Every step is optional.
1

Start with read-only access

Connect Tero to your observability platform with read-only API permissions. We analyze your telemetry, build a semantic catalog, and show you where the waste is. No infrastructure changes. No risk to production systems.
2

Grant write access when ready

If you want Tero to configure exclusion rules or adjust sampling instead of implementing recommendations yourself, grant write permissions. Scope them however you need. Revoke them anytime.
3

Deploy edge for maximum savings

The edge proxy runs in your infrastructure and filters telemetry before it leaves your network. Most customers start API-only and add edge after they trust the control plane.
4

Self-host for complete control

Run the entire control plane in your infrastructure. Your data never leaves your network. Your compliance boundary. We provide the software, you run it.

Security

We protect the data we handle with industry-standard practices and infrastructure. Everything is encrypted, access is controlled and logged, and our edge proxies are designed to fail safely. Key points:
  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Role-based access control with MFA required
  • Infrastructure on Google Cloud Platform with multi-zone deployment
  • Edge proxies fail open and never block your observability data
  • Self-hosted option for complete infrastructure control

Read Security Details

What data we handle, how we protect it, and where it runs.

Privacy

You control what data you send to Tero. We build a semantic catalog from telemetry metadata (schemas, volumes, and patterns) but we don’t store your log content, metric values, or trace data. Key points:
  • Telemetry metadata only, not the content itself
  • No customer data from your logs
  • Data subject rights supported (access, correction, deletion, portability)
  • Clear retention policies for all data types
  • Self-hosted option keeps everything in your infrastructure

Read Privacy Details

What we collect, what we don’t, and how you stay in control.

Compliance

We’re building toward SOC 2 Type 2, penetration testing, and ISO 27001 certification. In the meantime, we implement controls aligned with these frameworks. Self-hosting changes the equation. When the control plane runs in your infrastructure, you inherit your existing certifications. Key points:
  • SOC 2 Type 2 planned Q2 2025
  • Penetration testing planned Q1 2025
  • GDPR and CCPA compliant (DPA and SCCs available)
  • Controls implemented now, formal audits in progress
  • Self-hosted deployment inherits your certifications

Read Compliance Details

Certifications, audit reports, and compliance status.

Resilience

Our architecture minimizes risk to your production systems. The control plane runs separately from your critical path. Edge proxies fail open and cache rules locally. If Tero is unavailable, your observability continues unaffected. Key points:
  • Control plane not in your critical path
  • 99.9% uptime target for control plane
  • Edge fails open and never blocks telemetry flow
  • Local rule caching means edge works without control plane
  • Daily backups with multi-zone replication

Read Resilience Details

How Tero’s architecture minimizes risk to your systems.

Questions?

Contact Security Team

Need a Data Processing Agreement? Security questionnaire? Architecture review? Email .