Security at OnePane

Security at OnePane | Your Data Never Leaves Your Cloud

OnePane is the agentic ITOps platform that deploys inside your own AWS, Azure, or GCP tenant. Operational data stays within your environment. Here's how we architect for security-sensitive and regulated buyers.

Architecture

Tenant deployment model

The OnePane agent runs inside your cloud account. It reads from your existing systems and writes results back to your ticketing. No operational data leaves your tenant.

[Architecture diagram: a customer cloud tenant (AWS / Azure / GCP account you control) containing the OnePane Agent (investigates, correlates changes, executes runbooks; audit-logged; runs on your IAM and your KMS) and a Human Operator (approves, audits, overrides). The agent reads from observability (Datadog, Prometheus, Splunk), ticketing (ServiceNow, Jira, Zendesk) and change systems (GitHub, Argo, Terraform), and writes back to ticketing.]
  • OnePane agent runs in your cloud account, under your IAM
  • Reads from your observability, ticketing, and change systems
  • Writes results back into your ticketing and audit log
  • No telemetry, tickets, or runbook output is copied out of your tenant

Data handling

What OnePane reads, writes, and never does

Reads

  • Logs and metrics
  • Tickets and incidents
  • Recent change events

Writes

  • Tickets (status, comments)
  • Runbook actions (approved)
  • Immutable audit log

Never does

  • Train models on your data
  • Ship telemetry to a vendor cloud
  • Cache data outside your tenant

Retention: OnePane does not set retention policies for your data. Tickets, audit logs, and telemetry follow the retention configured in your existing systems (ServiceNow, your SIEM, your cloud logging). You stay in control.

Access controls

Who can do what, and who approves it

Role-based access control

Per-user and per-team roles map to your existing IdP (Okta, Azure AD, Google Workspace). Read-only, operator, and admin roles are separated by default.

Full audit log

Every agent action, including reads, writes, runbook executions, and approvals, is recorded with actor, target, timestamp, and outcome. Logs land in your own logging stack.

Human-in-the-loop approvals

High-impact runbooks (anything that mutates production state) require explicit human approval. You define which actions are gated and who can approve them.

Least-privilege IAM

The agent runs under a scoped cloud IAM role that you provision. Reference policies are provided; you control scope, conditions, and rotation.
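As an added illustration (not OnePane's code), here is how the approval gate and the actor/target/timestamp/outcome audit trail described above can fit together. The role names follow the page; the action names, the "mutating" classification and the hash-chained log are assumptions for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
import hashlib
import json

# Roles as described on the page; only operators and admins may approve.
READ_ONLY, OPERATOR, ADMIN = "read-only", "operator", "admin"
APPROVER_ROLES = {OPERATOR, ADMIN}

# Hypothetical classification: anything that mutates production state is
# gated behind explicit human approval, read-style actions are not.
MUTATING_ACTIONS = {"restart_service", "scale_deployment", "rollback_release"}


@dataclass
class AuditLog:
    """Append-only log; each entry commits to the previous one's hash so
    edits to earlier entries are detectable."""
    entries: list = field(default_factory=list)

    def record(self, actor, action, target, outcome):
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        entry = {"ts": datetime.now(timezone.utc).isoformat(), "actor": actor,
                 "action": action, "target": target, "outcome": outcome, "prev": prev}
        entry["hash"] = hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()
        self.entries.append(entry)
        return entry

    def verify(self):
        """Recompute the chain; False if any entry was altered or reordered."""
        prev = "0" * 64
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "hash"}
            digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
            if e["prev"] != prev or digest != e["hash"]:
                return False
            prev = e["hash"]
        return True


def run_action(log, agent, action, target, approver=None, approver_role=None):
    """Execute a runbook action; mutating actions need an approval from an
    authorized role, and every decision is recorded with its outcome."""
    if action in MUTATING_ACTIONS:
        if approver is None or approver_role not in APPROVER_ROLES:
            log.record(agent, action, target, "denied: approval required")
            return False
        log.record(approver, f"approve:{action}", target, "approved")
    log.record(agent, action, target, "executed")
    return True
```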

Encryption

Encryption posture

In transit

TLS 1.2+ on every external call. Mutual TLS supported for internal service-to-service connections inside your tenant.

At rest

Any state the agent persists is encrypted with your own cloud KMS keys (AWS KMS, Azure Key Vault, GCP KMS). You hold the keys and the rotation schedule.

No vendor-side storage

OnePane does not store your telemetry, tickets, or audit logs on OnePane infrastructure. The data lives in the systems you already operate.

Compliance

Honest compliance posture

We don't claim certifications we don't have. Here's where we stand and how the tenant model interacts with regulated workloads.

SOC 2 Type II

In progress, targeted completion 2026 Q4.

GDPR

Tenant deployment keeps personal data within your chosen region. We act as a processor where applicable; DPAs available on request.

HIPAA

Tenant deployment is the supported posture for HIPAA-regulated workloads. BAAs available for in-scope deployments.

FedRAMP

Not currently authorized. Tenant deployment into AWS GovCloud or Azure Government can be supported on request for in-tenant operation.

Security FAQ

Does OnePane send data to Anthropic or OpenAI?

Not in a tenant deployment. Model inference runs against the LLM provider you configure; in tenant mode that inference boundary stays inside your cloud account, using private model endpoints such as Bedrock, Azure OpenAI, or GCP Vertex. No customer telemetry is shipped to OnePane or to a third-party model provider unless you explicitly enable a SaaS configuration.

Can we deploy in an air-gapped environment?

Yes, with caveats. OnePane can run in restricted networks against private model endpoints inside your VPC. Fully disconnected, no-internet environments require additional setup (private container registry, offline updates). Talk to us about your network posture and we'll scope the deployment.

What happens if OnePane's infrastructure is compromised?

In a tenant deployment there is no shared OnePane infrastructure that holds your operational data. The agent runs in your own cloud account using your own IAM. A compromise at OnePane (the vendor) does not give an attacker access to your telemetry, tickets, or runbooks because that data was never copied out of your environment.

Do you have a security whitepaper?

Yes. We share an architecture and security overview under NDA during evaluation. Book a security review and we'll send it ahead of the call so your security team can review the deployment model, data flows, and IAM scope.

Can we run OnePane in our own Kubernetes cluster?

Yes. OnePane ships as containers and can run on EKS, AKS, GKE, or self-managed Kubernetes. We provide Helm charts and reference IAM policies. The agent's footprint is small and uses your existing cluster, so you don't introduce new infrastructure to operate.
