We apply the same engineering rigour to protecting your data as you apply to building your systems.
All data is encrypted in transit using TLS 1.3 and at rest using AES-256. Encryption keys are rotated regularly and managed via AWS KMS.
Role-based access control, the principle of least privilege, and multi-factor authentication are required for all Rootline employees accessing production systems.
All access to production systems and customer data is logged, monitored, and reviewed. Enterprise customers get access to full audit logs via the API.
We conduct annual third-party penetration tests and quarterly internal security reviews. Reports are available to Enterprise customers under NDA.
Hosted on AWS with isolated VPCs, private subnets, WAF, DDoS protection, and automated security patching across all systems.
Continuous backups with point-in-time recovery. Our RTO is under 4 hours and RPO is under 1 hour. Tested quarterly with full DR drills.
Rootline ingests infrastructure telemetry (metrics, logs, traces, deployment events, and topology data) from your connected integrations. This data is used solely to perform root cause correlation and power the Rootline platform for your team.
We apply strict data minimization: we only store what is necessary for the features you use, and we never use your incident data to train models for other customers.
Data isolation is enforced at the tenant level. Your data is never commingled with another organisation's data. Enterprise customers can request dedicated infrastructure.
Retention periods:
If you discover a security vulnerability in Rootline, please report it responsibly to security@rootline.io. We commit to acknowledging all reports within 24 hours and resolving confirmed issues within 30 days. We operate a responsible disclosure policy and will not take legal action against good-faith researchers.