Security and data handling
This page is the integrator-facing view of what GreenSlope does with your data. For the procurement-facing version (questionnaires, sub-processor list, Trust page claims) see the marketing security page.
Data residency
All tenant data — spans, change events, users — is stored in europe-west1 (Belgium). There is no US fallback. Data does not leave the EU.
If you require a different region, email support@greenslope.io. Non-EU residency is a V2+ roadmap item (ADR 0022); we'll note interest but won't ship before commercial demand.
Retention
V1 retention is deliberately short. Short retention is the residual mitigation for the lack of ingest-side PII redaction (see below).
| Data kind | Retention |
|---|---|
| Spans (sampled) | 30 days |
| Spans (errored or slow-tail, always retained) | 30 days |
| Change events | 90 days |
| Alerts (open and resolved) | 180 days |
| Audit logs (admin-initiated actions) | 365 days |
After retention, data is hard-deleted. Backups roll with the same window — we don't keep a 7-year cold store.
PII handling
Client-side redaction pattern
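```ts
import type { ReadableSpan, SpanProcessor } from "@opentelemetry/sdk-trace-base"

// Wraps another span processor and masks PII attributes before the span is handed on.
class RedactingProcessor implements SpanProcessor {
  constructor(private inner: SpanProcessor) {}

  // Forward start events unchanged so the wrapped processor still sees them.
  onStart(...args: Parameters<SpanProcessor["onStart"]>) {
    this.inner.onStart(...args)
  }

  onEnd(span: ReadableSpan) {
    // Mask by attribute key: anything ending in ".email" or ".ip".
    for (const key of Object.keys(span.attributes)) {
      if (key.endsWith(".email") || key.endsWith(".ip")) {
        // ReadableSpan.attributes is typed read-only; the cast allows the in-place overwrite.
        ;(span.attributes as Record<string, unknown>)[key] = "[redacted]"
      }
    }
    this.inner.onEnd(span)
  }

  forceFlush() {
    return this.inner.forceFlush()
  }

  shutdown() {
    return this.inner.shutdown()
  }
}
```

Wrap your exporter's span processor with this and PII never leaves your process.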
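The pattern above matches on attribute keys only. The following added example (not GreenSlope's code) goes one step further and also scrubs email addresses and IPv4 literals that appear inside attribute values such as URLs or SQL text. The names `redactAttributes`, `scrubString` and the sample attributes are hypothetical, and the attribute type is a simplified stand-in for the OpenTelemetry one so the block runs without the SDK.

```typescript
// Added example; all names here are hypothetical, not part of any GreenSlope or OpenTelemetry API.
type AttrValue =
  | string | number | boolean | undefined
  | Array<string | number | boolean | null | undefined>
type Attrs = Record<string, AttrValue>

const MASK = "[redacted]"
const PII_KEY_SUFFIXES = [".email", ".ip"] // same key rule as the processor above
const EMAIL_RE = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g
// Deliberately broad: also matches four-part version strings such as "1.2.3.4".
const IPV4_RE = /\b(?:\d{1,3}\.){3}\d{1,3}\b/g

// Mask every email address and IPv4 literal found inside one string.
function scrubString(s: string): string {
  return s.replace(EMAIL_RE, MASK).replace(IPV4_RE, MASK)
}

// Strings and string array elements are scrubbed; numbers and booleans pass through.
function scrubValue(v: AttrValue): AttrValue {
  if (typeof v === "string") return scrubString(v)
  if (Array.isArray(v)) return v.map((x) => (typeof x === "string" ? scrubString(x) : x))
  return v
}

// Redacts in place, as a SpanProcessor.onEnd hook would, and returns the keys it changed
// so the caller can count or log how often redaction fires.
function redactAttributes(attrs: Attrs): string[] {
  const changed: string[] = []
  for (const key of Object.keys(attrs)) {
    const before = attrs[key]
    const byKey = PII_KEY_SUFFIXES.some((suffix) => key.endsWith(suffix))
    const after = byKey ? MASK : scrubValue(before)
    if (JSON.stringify(after) !== JSON.stringify(before)) {
      attrs[key] = after
      changed.push(key)
    }
  }
  return changed
}

// Constructed sample attributes (documentation-range addresses, not real data).
const sampleAttrs: Attrs = {
  "user.email": "ana@example.com",
  "client.ip": "203.0.113.9",
  "http.url": "https://shop.example/reset?to=ana@example.com",
  "db.statement": "SELECT * FROM sessions WHERE ip = '203.0.113.9'",
  "http.status_code": 200,
  "tags": ["vip", "ana@example.com"],
}
```

Calling `redactAttributes(span.attributes as Attrs)` inside `onEnd` replaces the key-only loop; URL-encoded addresses (`%40`) and IPv6 literals are not covered by these two patterns.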
Encryption
- In transit: TLS 1.2 minimum, TLS 1.3 preferred. HTTPS-only for the ingest endpoint.
- At rest: AES-256 using the cloud provider's managed key service (Google KMS in europe-west1). Customer-managed keys are V2+.
Network allowlist
Services that need to emit telemetry to GreenSlope must be able to reach:
| Host | Purpose |
|---|---|
| ingest.greenslope.io | OTLP ingestion (HTTPS + gRPC/443) |
| api.greenslope.io | REST API (HTTPS) |
| app.greenslope.io | Dashboard (HTTPS, human traffic only) |
The app's GitHub and Slack integrations make outbound calls from our side to api.github.com and slack.com. No inbound to your network is ever required.
Compliance
- GDPR: we are a data processor. Standard DPA available on request. EU residency and sub-processor list (below) support the Article 30 record of processing.
- HIPAA: not supported. Do not send PHI.
Sub-processors
| Processor | Purpose | Region |
|---|---|---|
| Google Cloud (europe-west1) | Compute, storage, KMS | EU (Belgium) |
| Paddle | Billing and Merchant of Record | EU / UK |
| An EU-region transactional email provider | Alert email delivery | EU |
| Sentry (EU region) | Error tracking on docs + marketing sites | EU |
The authoritative sub-processor list lives on the marketing site at /legal/subprocessors. Changes are announced 30 days in advance via email to tenant owners.
Security disclosures
If you believe you've found a vulnerability, please email security@greenslope.io. We respond within two UK working days and credit reporters on a published acknowledgements page once an issue is fixed.