# Data processing, privacy, and compliance

Olly is designed with security and compliance as foundational principles. It inherits the same technical and organizational controls that protect the rest of the Coralogix platform, including access controls, data segregation, and audited security programs aligned with ISO 27001 and SOC 2 Type II.

## Architecture and data flow

Security and compliance are built into how Olly works. Every query is authenticated, uses only the data needed to answer the question, and is processed inside Coralogix-managed infrastructure. Your data never leaves your security boundary.

When you ask Olly a question:

1. **Authenticate** — Olly verifies your Coralogix identity and applies your permissions before doing anything.
1. **Fetch minimally** — Olly retrieves only the telemetry relevant to your question. It does not access Block-tier data or Frequent Search.
1. **Build context** — Your question, a minimal slice of telemetry, and internal policy guardrails are assembled into a context window.
1. **Generate privately** — The context is sent to your selected model provider inside a private, Coralogix-managed deployment — not a public shared endpoint.
1. **Stay inside Coralogix** — Nothing is written outside your existing infrastructure. Any queries, dashboards, or alerts Olly generates live in your account under your existing access controls.

By default, Olly uses a private Azure OpenAI deployment inside Coralogix's own Azure virtual network. You can also select Claude (AWS) or Gemini (Google Cloud Vertex AI) — in every case, inference runs inside an enterprise deployment with contractual data protection. Learn more in [Model selection](https://coralogix.com/docs/user-guides/olly/model-selection/index.md).

## Data categories and minimization

Olly uses the minimum data required to answer each question.

Data that may be processed:

- **Telemetry** — logs, metrics, and traces
- **Resources** — alerts, dashboards (when a URL is shared explicitly via the @ context menu)
- **Account context** — service names, applications, subsystems, environments, fields, and other configuration metadata
- **User interactions** — prompts, follow-up questions, Olly's responses, and optional feedback signals
- **GitHub context (when enabled)** — repository code snippets relevant to the investigation — file paths, function definitions, and line-level context. Only the selected repository is included. Learn more in [GitHub integration](https://coralogix.com/docs/user-guides/olly/github/index.md).

Note

When you use the **@** button to reference a Coralogix resource — such as a dashboard, alert, or saved query — its relevant metadata is included in the context window sent to the model provider. Only resources you explicitly select are included.

## Identity and access

Olly operates as the logged-in Coralogix user and inherits their permissions. Every query runs within the scope of the user's Coralogix roles, teams, and policies.

- Olly respects role-based permissions and policies configured in Coralogix
- Olly cannot access data outside the teams and permissions associated with the current user
- If a user cannot see specific data in the Coralogix UI, Olly cannot access it either

### Activation

Olly is disabled by default and must be explicitly activated by a user with the relevant Coralogix permissions in **Settings**, then **Account Preferences**, then **AI-Powered Capabilities**. When AI capabilities are disabled, Olly is not available to any team member. Learn more in [Enable Olly](https://coralogix.com/docs/user-guides/olly/enable/index.md).

## Tenant isolation and regional data residency

Olly operates within the same multi-tenant isolation model and regional boundaries as the Coralogix platform.

### Tenant isolation

- Customer data is segregated using logical separation (per-customer keys) and physical separation by region
- Olly cannot access telemetry from a different tenant

### Regional alignment

- Olly does not execute multi-region queries — within any given chat, Olly generates answers only from data within the same region
- For **GPT**, Olly processes data in Microsoft Azure regions that correspond to the customer's selected hosting region
- For **Claude**, Olly processes data in AWS regions that correspond to the customer's selected hosting region
- For **Gemini**, Olly processes data in GCP regions that correspond to the customer's AWS-selected region. For customers located in Asia, data is processed in asia-south1 (Mumbai, India)

## Data protection and network security

Olly inherits Coralogix's technical and organizational measures for protecting customer data.

Platform-level protections:

- Data in transit is protected with TLS 1.2 or above
- Data at rest is encrypted using AES-256
- Coralogix isolates services in hardened VPCs and uses firewalls, security groups, and intrusion detection solutions

Azure OpenAI protections:

- The deployment runs inside Coralogix's own Azure VNet, not a public shared endpoint
- Data sent to Azure OpenAI is encrypted in transit and at rest
- Azure OpenAI does not use customer data to retrain or fine-tune models

## Data retention and deletion

- Olly does not store data externally — no prompts or telemetry are held outside Coralogix infrastructure
- Telemetry that Olly analyzes is stored and retained according to your existing Coralogix retention settings
- For security and observability, Olly may log user prompts, timestamps, references to telemetry used as context, and resulting actions — these logs are stored under the same encryption and audit frameworks as other platform logs
- GPT and Claude do not store cached contents
- User sessions are stored as artifacts to allow access to session history for the duration of the subscription term

## Governance and admin controls

- Olly is disabled by default and must be explicitly activated in **Settings**, then **Account Preferences**, then **AI-Powered Capabilities**
- Olly is governed by the Coralogix Master Subscription Terms and Addendum and the [AI Tools Acceptable Use Policy](https://coralogix.com/ai-tools-policy/)

## Model providers and data use

Olly supports three enterprise model providers. The active provider is selected per user in the chat interface. Learn more in [Model selection](https://coralogix.com/docs/user-guides/olly/model-selection/index.md).

| Provider      | Infrastructure                   | Models                                                 | Data use              |
| ------------- | -------------------------------- | ------------------------------------------------------ | --------------------- |
| GPT (default) | Microsoft Azure (Coralogix VNet) | GPT-5 mini, GPT-5.4 mini, GPT-5.1, GPT-5.2, GPT-5.4    | Not used for training |
| Claude        | AWS (Coralogix VPC)              | Claude Haiku 4.5, Claude Sonnet 4.5, Claude Sonnet 4.6 | Not used for training |
| Gemini        | Google Cloud Vertex AI           | Gemini 3.1 Pro, Gemini 3 Flash                         | Not used for training |

- Microsoft Azure, AWS, and GCP act as subprocessors for model inference under contractual data protection obligations and signed Data Processing Agreements
- Customer prompts and completions are not used to train foundation models
- For GPT and Claude, model deployments run inside Coralogix-managed VPC infrastructure — OpenAI and Anthropic cannot directly access or store your data
- For Gemini, processing takes place on Google Cloud Vertex AI

## GitHub integration and code privacy

When a user connects a GitHub repository, Olly can include relevant code context — file paths, function definitions, and line-level snippets — in the context window sent to the selected model provider.

- GitHub context is included only when a user connects a repository and selects it for the chat.
- Each user connects their own GitHub account and can select only one repository at a time.
- Only code relevant to the investigation is included in the context window — not the entire repository.
- Repository access is managed in GitHub and is subject to the user's GitHub permissions.
- Code context is processed under the same data minimization and provider policies as telemetry.

Learn more in [GitHub integration](https://coralogix.com/docs/user-guides/olly/github/index.md).

## Compliance frameworks

Olly runs inside the same security and compliance boundary as the Coralogix platform.

Coralogix maintains third-party certifications and assessments, including:

- SOC 2 Type II
- ISO/IEC 27001, 27017, 27018, 27701
- ISO/IEC 42001:2023 (AI management)
- PCI DSS v4
- GDPR and CCPA alignment
- HIPAA compliance (subject to BAA)
- DORA and EU-US Data Privacy Framework support

## AI-specific safeguards

Olly includes safeguards against prompt injection, data exfiltration, and misuse:

- Olly is restricted to Coralogix APIs and data stores and cannot directly access external systems or arbitrary networks
- Integrations (such as Slack and GitHub) are mediated through Coralogix backends with additional permissions and validation
- Internal system prompts restrict Olly to allowed actions
- Requests are subject to rate limits to reduce abuse and denial-of-service risk
- Coralogix AI security tooling detects patterns that look like prompt injection, jailbreak attempts, or unusual data access

## Next steps

Find answers to common questions in [Olly FAQs](https://coralogix.com/docs/user-guides/olly/faqs/index.md).