Telemetry and Logging Disclosure
VeloDB BYOC is designed according to the principle that customer data remains entirely within the customer’s cloud account. Operational telemetry exported to the VeloDB control plane is limited to metadata required for service monitoring, health management, capacity planning, incident response, and platform operations.
VeloDB does not export customer table data, database contents, query results, customer-managed object storage contents, backups, or customer-managed encryption keys from the customer environment. Telemetry collection is intentionally limited to operational information necessary to operate and support the service.
Categories of Information Exported
Infrastructure Metrics
VeloDB collects a limited set of infrastructure-level operational metrics from BYOC deployments to support monitoring, alerting, capacity planning, and service availability management. These metrics may include resource utilization statistics such as CPU, memory, storage, disk I/O, and network throughput, as well as node health indicators, service availability status, cluster topology information, and capacity-related metrics.
These metrics are operational in nature and are used solely to assess the health and performance of the deployment. They do not contain customer business data, database contents, table data, or query results.
Service Metrics
In addition to infrastructure telemetry, VeloDB collects aggregated service-level metrics that enable operational monitoring and service reliability management. Examples include query throughput, latency distributions, error rates, replication status, storage utilization, and warehouse or cluster health indicators.
Service metrics are aggregated operational statistics and are used for capacity management, performance monitoring, and SLA tracking. These metrics do not include query text, query execution plans, query results, table names, schema names, or other customer business data.
Diagnostic Logs (Optional)
Customers may optionally enable forwarding of WARNING and ERROR level diagnostic logs to support operational troubleshooting and service reliability investigations. Such logs may contain information related to service startup failures, configuration validation issues, replication failures, storage subsystem errors, software upgrade failures, and application exception stack traces.
Diagnostic logs are intended solely for incident investigation, root cause analysis, and service improvement activities. VeloDB does not intentionally collect query text, query execution plans, table names, schema names, database contents, or query results through diagnostic log forwarding.
Production deployments may disable WARNING and ERROR log forwarding entirely if desired.
Metadata Disclosure
Operational telemetry and diagnostic events may contain limited metadata necessary for identifying and managing deployed resources. Examples include cluster identifiers, warehouse identifiers, node identifiers, software version information, cloud provider and region information, infrastructure resource identifiers, operational timestamps, service health indicators, and error codes.
This metadata is used exclusively for operational management and support purposes. Customer business data is not intentionally collected as part of telemetry or diagnostic events.
Data Not Exported
As part of its data minimization approach, VeloDB does not export the following categories of information from BYOC environments to the VeloDB control plane:
- Table data and database contents
- Query results
- Query text and query execution plans
- Table names and schema names
- Customer-managed object storage contents
- Customer-managed encryption keys
- Database backups
- Customer application data
These categories of information remain under the customer’s control within the customer cloud environment.
Log Forwarding Controls
VeloDB supports multiple telemetry operating modes to accommodate different customer security and compliance requirements.
Under the Metrics Only mode, only infrastructure and service-level metrics are exported, and no diagnostic logs are forwarded.
Under the Metrics and Diagnostic Logs mode, infrastructure metrics, service metrics, and WARNING/ERROR level diagnostic logs are exported to support operational monitoring and troubleshooting activities.
Customers may request that diagnostic log forwarding be disabled entirely for production environments.
Retention
VeloDB retains telemetry and diagnostic information only to the extent necessary to support operational monitoring, incident investigation, service reliability management, and applicable compliance requirements.
Under normal operating procedures, telemetry and diagnostic information is retained for no more than fifteen (15) days. Upon expiration of the applicable retention period, such information is automatically deleted or otherwise removed from operational systems in accordance with VeloDB's data retention and disposal procedures.
Telemetry and diagnostic information is not retained for purposes unrelated to service operations, support activities, or compliance obligations.
Processing Region
Telemetry information is processed only within VeloDB-operated cloud environments and is not shared with third parties except where necessary to provide the service or where required by law.
Processing regions and deployment-specific handling details can be provided upon request.
Encryption
Data in Transit
Telemetry and control-plane communications between a BYOC deployment and the VeloDB control plane are transmitted over private cloud networking and do not traverse the public Internet.
For AWS deployments, communications remain on the AWS backbone network through AWS PrivateLink and may additionally benefit from infrastructure-level network encryption provided by the AWS Nitro System. Similar private connectivity mechanisms may be used on other supported cloud platforms.
VeloDB is currently implementing end-to-end application-layer TLS encryption for telemetry and control-plane communications. This capability is under active development and is planned for a future release.
Data at Rest
Telemetry information stored within VeloDB-operated environments is encrypted at rest using cloud-provider-managed encryption controls and associated storage encryption mechanisms.
Access Controls
Access to telemetry information is governed through role-based access controls (RBAC) and the principle of least privilege. Access is restricted to authorized VeloDB operations and support personnel who require such access to perform legitimate operational or support functions.
Administrative access to telemetry systems is logged and subject to audit controls.
Redaction and Data Minimization
VeloDB follows a data minimization approach and limits telemetry collection to information necessary for operating, monitoring, maintaining, and supporting the service.
Customer business data is not intentionally collected, processed, or exported as part of normal telemetry or diagnostic logging activities. Telemetry collection practices are designed to reduce the amount of information collected while preserving the operational visibility required to maintain service reliability and customer support capabilities.