Security
How ConstellationOS protects fleet telemetry, operator credentials, and orchestration APIs.
Scope
This policy covers ConstellationOS: telemetry ingestion, ML predictions, the fleet console, HTTP APIs, and gateway agents deployed in customer environments. It applies to production and pilot deployments unless your agreement specifies otherwise.
Data handling
Fleet telemetry and topology remain customer data. We process it only to deliver the service under contract. Production tenants run in isolated environments. We do not sell customer telemetry or use it to train models shared across customers.
Encryption
Data in transit uses TLS 1.2 or newer between ground agents, APIs, and the console. Data at rest is encrypted for persisted telemetry, credentials, and audit logs.
Access control
Role-based access in the console and API. Automated orchestration runs only under operator-defined policy. Administrative actions and API calls are logged for audit.
Infrastructure
Production workloads run on hardened cloud infrastructure with separate development and production environments. We patch operating systems and dependencies on a regular cadence and restrict production access to authorized personnel.
Availability
Current platform health and incident history are published on our status page. Customers in active pilots receive direct notice for events that affect their streams.
View system status ↗Report a vulnerability
We welcome responsible disclosure. Email us with a description, reproduction steps, and impact assessment. We acknowledge reports within two business days and coordinate on remediation before public disclosure.
security@constellation.spaceEnterprise customers may request additional documentation, questionnaires, or security review under NDA. Contact contact@constellation.space.