Security & compliance
How HowlOps protects your monitoring data: encryption everywhere, EU-only residency, audited access, and a transparent responsible-disclosure flow.
What we ship today
Security is a priority, and we focus on what matters in practice: encryption in transit and at rest, tenant-scoped audit logs, EU-only data residency, and regular review. We don’t hold formal certifications today. If you need a specific compliance document for your procurement process, reach out and we’ll work with you.
| ITEM | DETAIL | STATUS |
|---|---|---|
| GDPR compliance | EU-only data residency, signed DPA available on request | Live |
| SAML SSO | Any paid plan (talk to us); SP-initiated and IdP-initiated flows | Live |
| Audit logs | Tenant-scoped, with longer retention on higher Uptime plans (up to 365 days) | Live |
| MFA enforcement | TOTP authenticator apps + backup codes for all account tiers | Live |
How the platform stays locked down
Encryption everywhere
TLS 1.3 in transit. AES-256 at rest. Encrypted database backups. Secrets stored in AWS Systems Manager Parameter Store (SecureString, KMS-encrypted).
Identity & access
TOTP MFA with backup codes, SAML SSO on any paid plan, role-based access control, scoped API tokens, session revocation.
EU-only data residency
Hosted across independent EU regions (Germany and Finland) for resilience. No transfer outside the EU without Standard Contractual Clauses.
Found a vulnerability? Here’s the playbook.
Email [email protected]. We won’t pursue legal action against researchers who follow the steps below.
1. Send a detailed report to the security email address below
2. We acknowledge receipt within 24 hours
3. We assess severity and begin remediation
4. We keep you informed of progress throughout
5. We publicly acknowledge your contribution (if desired)
Legal & procurement
Signed DPA available on request. Full subprocessor list published below.