Connections Bluesky connects to data sources using read-only accounts via JDBC. Credentials to your data sources are stored on Bluesky servers hosted in AWS, are encrypted at rest, and cannot be accessed by Bluesky engineers.
Encryption All data is encrypted with AES-256 at rest, and all network traffic to your team’s browsers goes over HTTPS.
Aggregates Bluesky collects only aggregated statistics about your data to perform monitoring and anomaly detection. Some features used for root cause analysis will fetch row-level data from your sources which is only held in non-durable memory and never persisted. These features may be disabled entirely, if required.
AWS PrivateLink Bluesky can peer directly with your AWS Virtual Private Cloud, avoiding traffic out to the internet. PrivateLink for AWS is available as part of Bluesky Enterprise.
Access controls
SSO Secure Sign In via Okta is coming soon for Bluesky Enterprise customers.
Permissions Bluesky connects to your data with read-only service accounts on your data sources. Bluesky will only see data that the service account has access to, giving you total control over what data can be monitored. Only administrator-level users can add, edit, and delete connections to your data sources.
Bluesky policies
Privacy and security training Bluesky employees engage in privacy and security training during onboarding and periodically thereafter.
Incident Response We follow an established process for reporting and responding to security breaches across the organization.
Access restrictions We follow need-to-know principles and limit access to our systems to ensure that only our Site Reliability Engineering Team can access customer data during incident response processes. We use MFA processes to secure data.
Vulnerability scans We conduct code review and perform vulnerability scans on all dependencies as part of our software engineering practices. We do regular hardening of AWS cloud resources and permissions.
Data Processing Addendum Bluesky can provide a DPA on request.
