Use TimescaleSecurity

Timescale security

Data encryption

Your Timescale data is encrypted both in transit and at rest. Both active databases and backups are encrypted.

Timescale uses AWS as its cloud provider, with all the security that AWS provides. Data encryption uses the industry-standard AES-256 algorithm. Cryptographic keys are managed by AWS Key Management Service (AWS KMS). Keys are never stored in plaintext.

For more information about AWS security, see the AWS documentation on security in Amazon Elastic Compute Cloud and Elastic Block Storage.

Networking security

Customer access to Timescale services is only provided over TLS-encrypted connections. There is no option for using unencrypted plaintext connections.

Networking with Virtual Private Cloud (VPC) peering

When using VPC peering, no public Internet-based access is provided to the services. Service addresses are published in public DNS, but they can only be connected to from the customer's peered VPC using private network addresses.

Operator access

Normally all the resources required for providing Timescale services are automatically created, maintained and terminated by the Timescale infrastructure. No manual operator intervention is required.

However, the Timescale Operations Team has the capability to securely log in to the service Virtual Machines for troubleshooting purposes. These accesses are audit logged.

No customer access to the virtual machine level is provided.

Customer data privacy

Customer data privacy is of utmost importance at Timescale. By default, your Timescale data is encrypted both in transit and at rest. To do this, Timescale uses various technical mechanisms, processes, and software development lifecycle practices, to help ensure the security and privacy of your data.

Timescale complies with the European Union's General Data Protection Regulation (GDPR), and all practices are covered by the Timescale Privacy Policy and the Timescale Terms of Service. All customer data is processed in accordance with Timescale's GDPR-compliant Data Processor Addendum, which applies to all Timescale customers.

Timescale operators never access customer data, unless explicitly requested by the customer to troubleshoot a technical issue. The Timescale operations team has mandatory recurring training regarding the applicable policies.

Keywords

security

Found an issue on this page?

Report an issue!
PreviousSecurityNextSAML authentication

Related Content

Virtual Private Cloud
Use VPC peering to secure your Timescale database
Security
Learn how your Timescale instance is secured
SAML (Security Assertion Markup Language)
Use SAML as authentication for your Timescale account
Connect with a stricter SSL mode
Connect to Timescale with a stricter SSL mode
Multi-factor user authentication
Manage Multi-factor user authentication for your Timescale account
Members
User management for your Timescale project