Data & Privacy
What data DevZero collects, how it's stored, and our security certifications.
Data & Privacy
What Data DevZero Collects
DevZero collects resource utilization metadata from your Kubernetes clusters. This includes:
- Node and pod resource consumption (CPU, memory, GPU, storage, network)
- Workload metadata (deployment names, namespaces, labels, replica counts)
- Kubernetes object metadata (services, ingresses, PVCs, HPAs)
- Container image names and tags (for identification only)
- Network flow metadata (source/destination IPs, ports, byte counts)
What Is NOT Collected
- Secrets -- the operator has no RBAC access to secrets
- ConfigMap values -- only metadata (name, namespace) is collected
- Environment variables -- not read from pod specs
- Application data -- no logs, request/response content, or payload inspection
- Container filesystem -- images are not pulled or scanned by the Read Operator
Data Residency
DevZero processes and stores data in:
- US region -- primary data center
- EU region -- available for European customers
Contact support@devzero.io to request a specific data residency region.
Encryption
| Layer | Method |
|---|---|
| In transit | mTLS (mutual TLS) between operators and the control plane |
| At rest | AES-256 encryption for all stored data |
| API access | HTTPS with TLS 1.2+ |
Data Retention
| Data Type | Retention |
|---|---|
| Resource utilization metrics | 90 days |
| Recommendations | Until deleted |
| Security scan results | Configurable per cluster (default: 24h in-cluster, 90 days in platform) |
| Compliance reports | 1 year |
| Audit logs | 1 year |
Certifications
- SOC 2 Type II -- DevZero maintains SOC 2 Type II certification covering security, availability, and confidentiality
- All security practices are audited annually by an independent third party
Data Deletion
To request deletion of your data:
- Remove the operators from your clusters
- Contact support@devzero.io with your organization ID
- All data will be purged within 30 days