Question 1

Does Sampleless ever see my telemetry data?

Accepted Answer

No. All telemetry data is processed and stored entirely within your cloud account. Sampleless receives only aggregated query results (kilobytes, not terabytes) when you use the unified dashboard. Your raw logs, traces, and metrics never leave your environment.

Question 2

How does BYOC change the security equation?

Accepted Answer

With BYOC, your observability data stays inside your existing cloud environment. Your current infrastructure security controls (encryption, access management, network isolation) apply to your telemetry data automatically. This is security through architecture, not just policy.

Question 3

Does Sampleless offer a Business Associate Agreement?

Accepted Answer

Yes. For customers in regulated healthcare environments, Sampleless will execute a BAA scoped to our role as a no-view business associate. Because your data never leaves your environment, our BAA reflects a narrow scope. See our compliance page for details.

Question 4

How does Sampleless handle encryption?

Accepted Answer

Sampleless uses your existing cloud encryption infrastructure. Data at rest is encrypted using your KMS keys. Data in transit uses TLS 1.3. You maintain full control over key rotation, access policies, and audit logging.

Question 5

What access does Sampleless have to my cloud account?

Accepted Answer

Sampleless requires limited IAM permissions to deploy and manage the observability stack. We follow the principle of least privilege. All permissions are documented, and you can audit them at any time. We never have access to your application data or business systems.

Question 6

How do I control who can access observability data?

Accepted Answer

Sampleless integrates with your existing identity provider via SAML or OIDC. You can apply your standard IAM policies, role-based access controls, and audit requirements. All access is logged and auditable.

Security aspect	SaaS vendors	BYOC (Sampleless)
Raw telemetry location	Vendor infrastructure	Your cloud account
Data encryption keys	Vendor-managed	Your KMS
Network path	Public internet or VPN	Never leaves your VPC
Vendor data access	Full access to raw data	Query results only
Compliance scope	Extended to vendor	Your existing boundary
Data residency	Vendor regions	Any region you choose
Breach exposure	Your data at risk	No data to breach

Your data never leaves your cloud

The hidden risk of SaaS observability

How BYOC protects your data

Deployed in your account

Data processed locally

Results only, not raw data

Your encryption, your keys

Designed for regulated environments

Regulatory Framework Support

Security built into every layer

Encryption everywhere

Access control

Network isolation

Data residency

SaaS vs BYOC security

Security questions

Ready for a security review?