Security

Built to protect the data your team uses for production diagnosis.

FaultLens processes production diagnostic data — error events, stack traces, release context, environment labels, and optional request details — and protects it using layered SaaS security fundamentals: encrypted transport and storage, tenant and project isolation, scoped API keys, authenticated workspace access, and controlled internal access.

FaultLens is early-stage. We built around practical security fundamentals from the start, and as the platform matures we will continue strengthening formal security controls, auditability, documentation, and compliance readiness based on customer needs. Questions can go to legal@faultlens.in.

Encrypted transportAll communication between SDKs and FaultLens uses HTTPS / TLS. Plaintext is not supported.
Encrypted storageEvent data is stored on AWS infrastructure using managed encryption at rest.
Tenant isolationEach customer's workspace and project data is logically isolated from all other customers.
Scoped API keysProject API keys authorize ingestion for a specific project only — not workspace access.
Controlled accessWorkspace access is authenticated. Internal personnel access is limited to operational need.

What FaultLens processes

FaultLens receives production diagnostic events sent by SDK integrations or the direct ingest API. Events are used to surface, group, and investigate production issues inside your workspace. You control what context is attached to each event.

Typical event content includes:

  • Error type, message, and stack trace where available
  • SDK context: platform, SDK name, SDK version
  • Release identifier you provide
  • Environment name such as production or staging
  • Optional request context: URL path, referrer, user agent — query-string values are redacted by the browser SDK before sending
  • Optional user identifier: an opaque ID you assign
  • Optional breadcrumbs: an ordered trace of events before the failure
  • Optional tags: key-value labels you define

FaultLens is not designed to receive passwords, authentication tokens, secrets, payment data, or unnecessary personal data. Include only what is useful for diagnosing the production issue.

Keep payloads safe

Because FaultLens receives diagnostic context you define, apply data minimization when configuring SDK custom context and tags. Avoid sending the following in event payloads:

  • Passwords or password hashes
  • Authentication or session tokens
  • API keys or secrets
  • Payment card or bank account data
  • Private keys or cryptographic material
  • Authentication cookies
  • Personal data beyond what is needed to diagnose the issue

The browser SDK redacts query-string values from request URLs automatically. Custom context, tags, and breadcrumbs are under your control — keep them focused on what helps investigation, not on full request or user records.

Store project API keys in environment variables or a secrets manager and do not commit them to source control. If a key is inadvertently exposed, contact support@faultlens.in to rotate it.

Access controls and infrastructure

FaultLens uses several layers to keep customer data separated and access controlled:

  • Tenant isolation. Each workspace is logically isolated. Customers cannot access another organization's workspace, projects, or events.
  • Project API keys. Each project uses a scoped key for SDK ingestion. Keys authorize event submission only — they do not grant access to the workspace, dashboards, or any administrative surface.
  • Authenticated workspace access. The FaultLens workspace requires authentication. Members are invited and managed by the workspace owner, with role-based permissions where the product surface supports them.
  • Internal access. Access to customer data by FaultLens Technologies Private Limited personnel is limited to what is operationally necessary for support, debugging, billing, and platform operations. It is not routine or broad. FaultLens does not use customer event data for advertising, profiling, or third-party data sharing.

Event retention

How long event data is retained depends on the subscription plan. Retention limits determine how far back event history is queryable inside the workspace.

  • Free Trial: 7-day event retention
  • Starter: 15-day event retention
  • Growth: 30-day event retention
  • Custom plans: longer windows available on request

Events beyond the plan retention window are no longer queryable. See pricing for current plan details.

Our approach as we grow

FaultLens is built around practical SaaS security fundamentals from the start: encrypted transport and storage, tenant and project isolation, scoped API keys, authenticated access, and controlled internal access. These are the foundations we built on, not add-ons.

As FaultLens matures, we will continue strengthening formal security controls, auditability, documentation, and compliance readiness based on customer needs.

If your organization has specific security requirements or questions before adopting FaultLens, reach out directly at legal@faultlens.in and we will give you an honest answer.

Contact

For security, privacy, or legal questions about how FaultLens handles customer data, contact legal@faultlens.in. FaultLens Technologies Private Limited responds to security and privacy inquiries within two business days.

For product support and onboarding help, use support@faultlens.in.

Related reading: Privacy Policy · Terms of Service