Data collection and storage

Data collection and storage practices at CAST AI.

CAST AI takes the confidentiality and integrity of its customer data very seriously and strives to ensure that data is protected from unauthorized access and is available when needed.

Certifications and audits

CAST AI maintains the following industry-standard certifications:

  • ISO 27001: This certification demonstrates our commitment to information security management. It ensures we have a comprehensive system in place to manage and protect information assets.
  • SOC 2 Type II: This attestation verifies that our service commitments and system requirements are based on the trust services criteria relevant to security, availability, processing integrity, confidentiality, and privacy.

To ensure ongoing compliance and security, we undergo third-party audits three times a year.

Data security overview

  • No sensitive data leaves your cluster: CAST AI cannot access sensitive user data such as Kubernetes Secrets or ConfigMaps.
  • Pre-analysis data scrubbing: Before analysis, our agent removes sensitive environment variables from workload manifests, including passwords, tokens, keys, and secrets.
  • Limited data collection: The most sensitive information collected is workload names. We do not collect or process any Personally Identifiable Information (PII), Payment Card Industry (PCI) data, or Health Care (HIPAA) data.
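
The pre-analysis scrubbing described above can be illustrated as follows. This is an added example, not CAST AI's agent code; the function name scrub_manifest, the matching rules (variable-name patterns plus a check for credentials embedded in URLs) and the <redacted> placeholder are assumptions.

```python
import copy
import re

# Assumed rules: name patterns follow the categories listed above (passwords,
# tokens, keys, secrets); the URL rule is an extra for inline credentials.
SENSITIVE_NAME = re.compile(r"passw(or)?d|token|key|secret", re.IGNORECASE)
URL_WITH_CREDS = re.compile(r"://[^/\s:@]+:[^/\s@]+@")
REDACTED = "<redacted>"  # hypothetical placeholder value

def scrub_manifest(manifest):
    """Return (scrubbed copy, list of 'container/VAR' entries that were redacted)."""
    clean = copy.deepcopy(manifest)  # never mutate the caller's object
    pod_spec = clean.get("spec", {}).get("template", {}).get("spec", {})
    redacted = []
    for group in ("initContainers", "containers", "ephemeralContainers"):
        for container in pod_spec.get(group) or []:
            for env in container.get("env") or []:
                value = env.get("value")
                if value is None:
                    continue  # valueFrom entries hold a reference, not the secret
                name = env.get("name", "")
                if SENSITIVE_NAME.search(name) or URL_WITH_CREDS.search(str(value)):
                    env["value"] = REDACTED
                    redacted.append(f"{container.get('name')}/{name}")
    return clean, redacted

# Constructed sample Deployment (not real data).
SAMPLE = {
    "kind": "Deployment",
    "metadata": {"name": "billing-api"},
    "spec": {"template": {"spec": {
        "initContainers": [{"name": "migrate", "env": [
            {"name": "DATABASE_URL", "value": "postgres://app:hunter2@db:5432/billing"},
        ]}],
        "containers": [{"name": "api", "env": [
            {"name": "LOG_LEVEL", "value": "info"},
            {"name": "DB_PASSWORD", "value": "hunter2"},
            {"name": "API_TOKEN", "value": "constructed-token-value"},
            {"name": "SIGNING_KEY", "valueFrom": {
                "secretKeyRef": {"name": "signing", "key": "private"}}},
        ]}],
    }}},
}

if __name__ == "__main__":
    scrubbed, hits = scrub_manifest(SAMPLE)
    print(hits)
```

Name-based matching alone would miss the DATABASE_URL entry, which is why the value is also checked for embedded credentials.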

Customer data protection

Data storage and encryption

  • Cloud storage: Customer data is stored on Google Cloud Platform (GCP) in the US-East4 (North Virginia) region by default.
  • Encryption at rest: All production data is stored on encrypted disks, enforced by our cloud service provider's encryption policy.
  • Encryption in transit: All data in flight is encrypted with a minimum of TLS 1.2.

Authentication

  • Third-party authentication: User login data (emails, passwords, SSO IDs) is handled by Auth0 (Okta), a secure third-party authentication provider.
  • API token security: We do not store user API tokens; we only store secure hashes for validation.

Data retention

  • Retention period: Kubernetes metadata is retained for at least 10 years.
  • Inactive accounts: Data from inactive customer accounts is marked accordingly but never deleted to ensure data integrity and potential future access.

Examples of collected data

To provide transparency, here are examples of the types of metadata we collect:

Node metadata (extract)

labels:
  addon.gke.io/node-local-dns-ds-ready: "true"
  beta.kubernetes.io/arch: "amd64"
  beta.kubernetes.io/instance-type: "e2-custom-4-16896"
  beta.kubernetes.io/os: "linux"
  cloud.google.com/gke-boot-disk: "pd-standard"
  cloud.google.com/gke-container-runtime: "docker2"
  cloud.google.com/gke-cpu-scaling-level: "2"
  cloud.google.com/gke-max-pods-per-node: "110"
  cloud.google.com/gke-netd-ready: "true"
  cloud.google.com/gke-os-distribution: "cos"
  failure-domain.beta.kubernetes.io/region: "us-east4"
  failure-domain.beta.kubernetes.io/zone: "us-east4-b"
  iam.gke.io/gke-metadata-server-enabled: "true"
  kubernetes.io/arch: "amd64"
  kubernetes.io/hostname: "gke-dev-master-cast-pool-c19ff18f"
  kubernetes.io/os: "linux"
  node.kubernetes.io/instance-type: "e2-custom-4-16896"
  node.kubernetes.io/masq-agent-ds-ready: "true"
  projectcalico.org/ds-ready: "true"

Pod replica metadata (extract)

metadata:
  name: "dashboard-metrics-scraper-c45b7869d"
  namespace: "kubernetes-dashboard"
  resourceVersion: "637593368"
  generation: 1
  creationTimestamp: "2022-08-16T12:10:33Z"
  labels: { ... }
  annotations: { ... }
  ownerReferences: { ... }
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: "dashboard-metrics-scraper"
      pod-template-hash: "c45b7869d"
  template:
    metadata:
      creationTimestamp: null
      labels:
        k8s-app: "dashboard-metrics-scraper"
        pod-template-hash: "dashboard-metrics-scraper"

Commitment to privacy and security

CAST AI is dedicated to maintaining the highest data protection and privacy standards. We continuously update our security measures to align with industry best practices and regulatory requirements.

To learn more about our security policies and compliance, head over to the security portal.

