Security FAQ

Learn about how we adhere to global and industry compliance best practices

You asked:

How is Optimize Live deployed?

  • On your cluster, we deploy the following components:
    • StormForge Agent, which reports on new workloads and deploys and configures the Metrics Forwarder. The Metrics Forwarder collects data and ships it to the StormForge backend. The oci:// Helm chart creates and uses a ServiceAccount called stormforge-agent and binds it to the Kubernetes view ClusterRole, granting read-only permissions to all resources in the cluster.
    • Applier (optional), which patches workloads with optimized resource utilization recommendations. The oci:// Helm chart creates and uses a ServiceAccount called stormforge-applier and binds it to the Kubernetes edit ClusterRole, granting update and patch permissions to all optimizable workloads (and HPA, if enabled).
  • On our instances, we store the data and run machine learning to provide recommendations, which are presented in the StormForge UI.

What data do you collect?

From a targeted instance, we collect:

  • Metadata: cluster name, cluster UID, namespace name, workload name, workload type, node name, node instance type, pod name, and container name.

    Note: If you specify an allowNamespaces or a denyNamespaces list (or both), we collect data accordingly. For example, we do not collect data about namespaces that you include in the denyNamespaces list.

  • Metrics: We use the metadata above to build workload and container metrics. For the the complete list for metrics, run:

    helm show readme oci://

    Workload-level metrics are generated by Stormforge and are prefixed with sf. Container-level metrics are built-in metrics provided by cAdvisor running on the Kubernetes node.

We do not collect any personal data directly — only via social logins (such as Google or GitHub).

For details, check out our Privacy Policy.

How do you collect data and where is it stored?

The StormForge Metrics Forwarder collects metrics data from a targeted instance via HTTPS requests, and then pushes the metrics to the StormForge SaaS backend. We store the parsed and ingested data in the StormForge cloud. Each customer has their own separate instance, and data is not shared.

How long is it stored for?

By default, we store data for one year. Upon request, we will delete all data that is less than one year of age.

Who has access to customer data?

Access to production data is restricted to privileged StormForge engineers on an as-needed temporary basis and only for the explicit intent of direct customer support.

When our Machine Learning team needs data for product improvement activities, we anonymize data. No external parties have access to customer data.

Can StormForge enable SSO for enterprise identity providers?

Yes. To enable this feature, contact

Which StormForge service URLs must be on the organization’s allowlist?

See the complete list in the StormForge installation prerequisites.

Last modified February 12, 2024