Security

How ConstellationOS protects fleet telemetry, operator credentials, and orchestration APIs.

Scope

This policy covers ConstellationOS: telemetry ingestion, ML predictions, the fleet console, HTTP APIs, and gateway agents deployed in customer environments. It applies to production and pilot deployments unless your agreement specifies otherwise.

Data handling

Fleet telemetry and topology remain customer data. We process it only to deliver the service under contract. Production tenants run in isolated environments. We do not sell customer telemetry or use it to train models shared across customers.

Encryption

Data in transit uses TLS 1.2 or newer between ground agents, APIs, and the console. Data at rest is encrypted for persisted telemetry, credentials, and audit logs.

Access control

Role-based access in the console and API. Automated orchestration runs only under operator-defined policy. Administrative actions and API calls are logged for audit.

Infrastructure

Production workloads run on hardened cloud infrastructure with separate development and production environments. We patch operating systems and dependencies on a regular cadence and restrict production access to authorized personnel.

Availability

Current platform health and incident history are published on our status page. Customers in active pilots receive direct notice for events that affect their streams.

View system status ↗

Report a vulnerability

We welcome responsible disclosure. Email us with a description, reproduction steps, and impact assessment. We acknowledge reports within two business days and coordinate on remediation before public disclosure.

security@constellation.space

Enterprise customers may request additional documentation, questionnaires, or security review under NDA. Contact contact@constellation.space.

Book a discovery call

Step 1 of 4

Questions? contact@constellation.space

Technical whitepaper

Enter your email to access the ConstellationOS technical whitepaper.