The new standard of observability is here. Discover Olly, the industry’s first 
Bring your own cloud (BYOC) shared responsibility addendum
Updated October 2025
This Bring-Your-Own-Cloud Shared Responsibility Addendum (the “Addendum”) sets forth the respective roles and responsibilities of Coralogix Ltd. and its affiliates (“Coralogix”) and the customer entity identified in the applicable Order Form (“Customer”) regarding the security, privacy, and management of Customer Data processed in connection with the Coralogix Services deployed within a Customer-provided cloud environment.
This Addendum supplements and forms an integral part of the Coralogix Master Subscription Terms (the “Terms”), and applies solely to Customers utilizing the Bring-Your-Own-Cloud (“BYOC”) deployment model. Unless otherwise defined herein, capitalized terms shall have the meaning ascribed to them in the Terms. In the event of a conflict between this Addendum and the Terms, this Addendum shall prevail with respect to BYOC offerings only.
1. Shared Responsibility Model
The BYOC model enables Customers to deploy the Coralogix Services in their own cloud environment, thereby providing Customers with data residency control and infrastructure ownership, while Coralogix maintains operational responsibility. Under this model, security and compliance obligations are shared between Coralogix and the Customer:
- Coralogix remains responsible for securing and maintaining the components it manages or controls, including the Coralogix platform, application-level configurations, infrastructure installation and maintenance.
- The Customer retains responsibility for, amongst other controls listed in detail below: cloud account ownership and allocation of cloud resources to enable Coralogix’s deployment and usage of the Services, ensuring compliance with all applicable data privacy regulations for Personal Data under Customer’s control as data controller, as defined in the Coralogix DPA.
A detailed description of these responsibilities is set forth in the Coralogix Shared Responsibility Matrix.
2. Customer Data Storage and Control
In the BYOC model, Customer Data is stored exclusively within the Customer’s own cloud account, with Customer maintaining ownership of the cloud account and data, and maintaining responsibility for cloud expenses incurred. Coralogix installs, deploys, maintains, and manages the operation of its Services and associated platform components within Customer’s cloud environment. Coralogix shall be provided administrative access necessary to perform installation, maintenance, and support obligations. Coralogix acquires no ownership rights in Customer Data and processes such data solely as a Processor on behalf of Customer in accordance with Customer’s documented instructions, applicable data protection laws, and the Coralogix Data Processing Addendum available at https://coralogix.com/data-processing-agreement/ (the “DPA”).
Accordingly:
- The Customer is responsible for: (i) creating and owning its cloud account; (ii) allocating cloud resources to enable Coralogix’s deployment and usage of the Services; (iii) maintaining object storage buckets for query and backup purposes, including ensuring encryption at rest and proper access controls; and (iv) bearing all expenses related to cloud infrastructure usage.
- Coralogix accesses Customer Data and Customer’s cloud environment solely as required to install, deploy, maintain, and support the Services, in accordance with the Terms. Coralogix will process Customer Data only as necessary to fulfill its obligations as a Processor under the Terms and DPA, and any processing for service improvement or maintenance purposes shall be conducted in accordance with applicable data protection laws and the DPA.
- The Customer is responsible for selecting a cloud provider and ensuring that its chosen cloud provider, and configuration thereof, meets applicable compliance, security, and data residency requirements under applicable law, or any other jurisdictions where Customer operates or where Customer Data subjects are located. Customer represents that its cloud provider selection and configuration comply with such requirements, provided that Coralogix supports AWS (with Google Cloud Platform and other hosting providers available on a case-by-case basis) for BYOC deployments.
Shared Responsibility Disclaimer
3. Customer Responsibilities
Customers deploying Coralogix Services in a BYOC environment acknowledge that failure to implement and maintain these controls may compromise the security and functionality of the Services. Coralogix shall not be liable for any failures or damages directly resulting from Customer’s failure to implement or maintain the controls specified in this Section 3, provided that Coralogix has fulfilled its own obligations under this Addendum and the Terms:
3.1 Logical Access Management
Coralogix manages access controls for Coralogix-managed users and personnel, while the Customer is responsible for managing access within its own cloud accounts and providing access to Coralogix personnel with appropriate permissions.
- Privileged Access Restriction: Only authorized personnel with a legitimate business need may be provided access by Customer to their cloud environment containing Customer Data. This is performed in line with Coralogix Support Policy available at https://coralogix.com/support-policy
- Access Revocation: Access to Customer Data by Coralogix personnel is revoked within twenty-four (24) hours of employment termination or role change that eliminates the business need for such access.
3.2 Operations and Infrastructure Security
Coralogix manages these controls for its deployed components within the Customer’s environment.
- Vulnerability Testing: Coralogix conducts regular vulnerability assessments for Coralogix-managed components.
- Penetration Testing: Comprehensive penetration tests are performed at least annually
- Vulnerability Management: Coralogix documents, assesses, and remediates vulnerabilities discovered during testing in accordance with its internal SLAs, which Coralogix maintains at standards consistent with industry standards.
3.3 Deployment Security and Integrity
- Deployment Security: Coralogix performs periodic reviews and testing of deployed components.
- Deployment Integrity: Coralogix manages the initial deployment and ensures secure communication between Coralogix-managed components and the Customer’s environment.
4. Customer Acknowledgement
By enabling BYOC deployment, the Customer acknowledges that its configuration, management, and security practices directly affect the overall security posture of the Services. The Customer agrees to cooperate with Coralogix as reasonably necessary to maintain compliance, performance, and security under this shared responsibility model.
