Sign in
Security FAQs about Spotlight Cloud

Spotlight Cloud Security FAQs

Your Data is Safe

Data Protection is our highest priority


Spotlight Cloud tracks performance, not data.

  • We collect performance metrics from the Hypervisor, Operating System, and the monitored database. Read more here.
  • We don’t extract data from your database. We extract performance metrics that tell us how well your database is running.
  • All SQL Server connection detail remains on premise. None of this is uploaded to the cloud.


Do you upload any data from our database?

  • Spotlight Cloud tracks SQL that is executed and the query plans used to execute it. This may contain fragments of data by way of string literals. By default, we remove these to prevent any accidental/unexpected upload of data.


Why is Spotlight Cloud more secure than an on-premise monitoring tool?

  • Our data center provider, Microsoft Azure, maintains ISO 27001, SOC2 Type II, and many other certifications. More information here.
  • Because Spotlight Cloud is a SaaS product, any vulnerability patching is applied instantly to everyone.
  • Out of date software is frequently responsible for exposing an organization’s security vulnerabilities. Microsoft has a dedicated team that works 24/7 to ensure their infrastructure is patched and updated in response to any security threats. Similarly, Spotlight Cloud’s security team works to ensure Spotlight Cloud’s code is kept up-to-date and responds to any security threats that many arise.
  • Spotlight Cloud’s infrastructure and application undergo annual penetration testing by an independent third party penetration testing firm.


How do you store the uploaded performance data?

  • Spotlight Cloud stores all data in Azure Cosmos DB.
  • All data is encrypted with AES 256. This is the same top-level encryption used by the NSA and US government right now. 


How do you protect data while it’s being uploaded?

  • Spotlight Cloud data is encrypted in transit using TLS 1.2. 


How long do you store the data?

  • Currently, we keep the performance data related to paid accounts for one year for trend analysis. 


What happens to my data after the trial?

  • At the end of your 30-day trial, data will be purged after 60-days. 


Can I request to have my data removed from Spotlight Cloud and get verification?