Skip to main content
GreenSlope

Security and data handling

This page is the integrator-facing view of what GreenSlope does with your data. For the procurement-facing version (questionnaires, sub-processor list, Trust page claims) see the marketing security page.

Data residency

All tenant data — spans, change events, users — is stored in europe-west1 (Belgium). There is no US fallback. Data does not leave the EU.

If you require a different region, email support@greenslope.io. Non-EU residency is a V2+ roadmap item (ADR 0022); we'll note interest but won't ship before commercial demand.

Retention

V1 retention is deliberately short. Short retention is the residual mitigation for the lack of ingest-side PII redaction (see below).

Data kindRetention
Spans (sampled)30 days
Spans (errored or slow-tail, always retained)30 days
Change events90 days
Alerts (open and resolved)180 days
Audit logs (admin-initiated actions)365 days

After retention, data is hard-deleted. Backups roll with the same window — we don't keep a 7-year cold store.

PII handling

Client-side redaction pattern

import type { ReadableSpan, SpanProcessor } from "@opentelemetry/sdk-trace-base"
 
class RedactingProcessor implements SpanProcessor {
  constructor(private inner: SpanProcessor) {}
  onStart() {}
  onEnd(span: ReadableSpan) {
    for (const key of Object.keys(span.attributes)) {
      if (key.endsWith(".email") || key.endsWith(".ip")) {
        ;(span.attributes as Record<string, unknown>)[key] = "[redacted]"
      }
    }
    this.inner.onEnd(span)
  }
  forceFlush() {
    return this.inner.forceFlush()
  }
  shutdown() {
    return this.inner.shutdown()
  }
}

Wrap your exporter's span processor with this and PII never leaves your process.

Encryption

Network allowlist

Services that need to emit telemetry to GreenSlope must be able to reach:

HostPurpose
ingest.greenslope.ioOTLP ingestion (HTTPS + gRPC/443)
api.greenslope.ioREST API (HTTPS)
app.greenslope.ioDashboard (HTTPS, human traffic only)

The app's GitHub and Slack integrations make outbound calls from our side to api.github.com and slack.com. No inbound to your network is ever required.

Compliance

Sub-processors

ProcessorPurposeRegion
Google Cloud (europe-west1)Compute, storage, KMSEU (Belgium)
PaddleBilling and Merchant of RecordEU / UK
An EU-region transactional email providerAlert email deliveryEU
Sentry (EU region)Error tracking on docs + marketing sitesEU

The authoritative sub-processor list lives on the marketing site at /legal/subprocessors. Changes are announced 30 days in advance via email to tenant owners.

Security disclosures

If you believe you've found a vulnerability, please email security@greenslope.io. We respond within two UK working days and credit reporters on a published acknowledgements page once an issue is fixed.

Related