Security Above All

Epsagon is committed to providing the highest security standards


Our Commitment

Epsagon is committed to providing the highest security standards. We apply best practices, make
sure data is encrypted at rest and in transit, and serve data with best security standards (TLS v1.2),
so you can rest assured that your data is safe and secured.
Epsagon also continuously adheres to internationally recognized security standards.
This includes SOC 2 Type II and ISO27001 certifications, which require ongoing external audits.

Security Program

The Epsagon security program is led by the Chief Technology Officer who is responsible for the following:

  • Privacy
  • Application Security and Procedures
  • Infrastructure and Network Security
  • Compliance
  • Corporate Security
  • Physical Security

Data

Security is of the utmost importance to us, and we realize that, in some systems, it is prohibited to send
certain data outside of your network. We support that scenario in our product by allowing you to decide
which functions you trace and whether or not to send transaction data back to our servers. You will still
get a full picture of your system, but request data, response data, and log data will not be sent.

Privacy

Epsagon is committed to protecting the privacy of our customers. The data that we collect and process
is used primarily to display cloud-native performance information back to the customer.
Our privacy policy is available at https://epsagon.com/privacy-policy/.

Technical Security Features

Our product includes technical features that offer our customers the highest security options:

  • Data is encrypted at rest. Epsagon is hosted on AWS and adheres to the highest security standards
     available using the KMS service.
  • Performance data is encrypted in transit. SSL encryption (TLSv1.2) is enabled by default for data
     being sent back to our infrastructure.
  • Our library does not open a hole in customer firewalls. Communication from our library is sent on
     port 80 or 443 and is limited to outbound.

User Management

Epsagon manages all users through Auth0. Using Auth0, the customer can register via a corporate
Google account or a GitHub account, or create a username and password. All passwords and any
personal or sensitive data about the user are stored on Auth0. Auth0 is SOC2, GDPR, HIPAA and Safe Harbor compliant.

Audits and Certifications

Epsagon is ISO27001 certified and SOC 2 Type II certified.

Application Security and Training

Epsagon developers receive application security training. Product development projects go through a
mandatory security review by the CTO. As part of the ISO27001 certification process as well as SOC 2
Type II, all initiatives will be updated yearly and we will adhere to the required security policies.
