---
title: Synthetic Monitoring Data Security
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: Docs > Reducing Data Related Risks > Synthetic Monitoring Data Security
---

# Synthetic Monitoring Data Security

{% alert level="info" %}
This page is about the security of data sent to Datadog. If you're looking for cloud and application security products and features, see the Security section.
{% /alert %}

The [Synthetic Monitoring product](https://docs.datadoghq.com/synthetics/) allows you to proactively monitor how your systems and applications are performing using simulated requests and business transactions. Synthetic tests can be initiated from all around the globe, from either managed or private locations.

## Information security{% #information-security %}

### Encryption in managed locations{% #encryption-in-managed-locations %}

#### Test configurations and variables{% #test-configurations-and-variables %}

- **Transport**: Asymmetric encryption - RSA (4096-bit key). All requests are signed using Datadog Signature v1 (based on the same signing process as [AWS Signature v4](https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html)), ensuring both authentication and integrity.
- **Storage**: Symmetric encryption - AES-GCM (256-bit key).

#### Test results{% #test-results %}

- **Transport**: Asymmetric encryption - RSA (4096-bit key). All requests are signed using Datadog Signature v1 (based on the same signing process as [AWS Signature v4](https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html)), ensuring both authentication and integrity.
- **Storage**: Sensitive parts (response headers and body) of test results are stored encrypted with an asymmetric encryption - RSA (4096-bit key) and decrypted on-the-fly when test results are fetched.

#### Artifacts{% #artifacts %}

Artifacts are browser test screenshots, snapshots, errors, and resources.

{% callout %}
# Important note for users on the following Datadog sites: app.datadoghq.com, us3.datadoghq.com, us5.datadoghq.com, app.ddog-gov.com, ap1.datadoghq.com, ap2.datadoghq.com



- **Storage**: Encryption for [Amazon S3 buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-encryption.html).
- **Transport**: Encryption in transit using [AWS Signature Version 4 for S3](https://docs.aws.amazon.com/AmazonS3/latest/userguide/network-isolation.html).


{% /callout %}

{% callout %}
# Important note for users on the following Datadog sites: app.datadoghq.eu



- **Storage**: Encryption through [service accounts in GCS](https://cloud.google.com/storage/docs/encryption/customer-managed-keys) (using [AES256](https://cloud.google.com/security/encryption-at-rest/default-encryption)).
- **Transport**: Encryption in transit using [Authentication, integrity, and encryption for GCS](https://cloud.google.com/security/encryption-in-transit/resources/encryption-in-transit-whitepaper.pdf).


{% /callout %}

### Encryption in private locations{% #encryption-in-private-locations %}

#### Private locations credentials{% #private-locations-credentials %}

- **Storage**: Private locations credentials used to sign test configuration, variables, and test results requests are stored encrypted (symmetric encryption - AES-GCM), with audit logging and access policies.

#### Test configurations and variables{% #test-configurations-and-variables-1 %}

- **Transport**: Asymmetric encryption - RSA (4096-bit key). Communication between private locations and Datadog is secured using Datadog Signature v1 (based on the same signing process as [AWS Signature v4](https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html)), ensuring both authentication and integrity.
- **Storage**: Symmetric encryption - AES-GCM (256-bit key).

#### Test results{% #test-results-1 %}

- **Transport**: Asymmetric encryption - RSA (4096-bit key). Communication between private locations and Datadog is secured using Datadog Signature v1 (based on the same signing process as [AWS Signature v4](https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html)), ensuring both authentication and integrity.

- **Storage**: Sensitive parts (by default, response headers and body) of test results are stored encrypted with an asymmetric encryption - RSA (4096-bit key) and decrypted on-the-fly when test results are fetched.

#### Artifacts{% #artifacts-1 %}

Artifacts are browser test screenshots, snapshots, errors, and resources.

{% callout %}
# Important note for users on the following Datadog sites: app.datadoghq.com, us3.datadoghq.com, us5.datadoghq.com, app.ddog-gov.com, ap1.datadoghq.com, ap2.datadoghq.com



- **Storage**: Encryption for [AWS](https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-encryption.html).
- **Transport**: HTTPS transport between the private location and Datadog (authentication through API key), then from Datadog to storage: encryption in transit using [AWS Signature Version 4 for S3](https://docs.aws.amazon.com/AmazonS3/latest/userguide/network-isolation.html).


{% /callout %}

{% callout %}
# Important note for users on the following Datadog sites: app.datadoghq.eu



- **Storage**: Encryption through [service accounts in GCS](https://cloud.google.com/storage/docs/encryption/customer-managed-keys) (using [AES256](https://cloud.google.com/security/encryption-at-rest/default-encryption)).
- **Transport**: HTTPS transport between the private location and Datadog (authentication through API key), then from Datadog to storage: encryption in transit using [Authentication, integrity, and encryption for GCS](https://cloud.google.com/security/encryption-in-transit/resources/encryption-in-transit-whitepaper.pdf).


{% /callout %}

## Testing accounts{% #testing-accounts %}

It is strongly recommended to leverage accounts dedicated to testing for your Synthetics tests.

## Storing secrets{% #storing-secrets %}

You can store secrets in [global variables](https://docs.datadoghq.com/synthetics/settings/?tab=specifyvalue#global-variables) with the obfuscation feature to ensure global variable values do not leak into your test configurations and results. The access to global variables can then be restricted using the dedicated [global variable RBAC permissions](https://docs.datadoghq.com/account_management/rbac/permissions/#synthetic-monitoring).

## Privacy options{% #privacy-options %}

Use the [API](https://docs.datadoghq.com/synthetics/api_tests/http_tests?tab=privacy#define-request), [Multistep API](https://docs.datadoghq.com/synthetics/multistep?tab=privacy#define-the-request) and [Browser tests' privacy options](https://docs.datadoghq.com/synthetics/browser_tests/?tab=privacy#test-configuration) to limit the amount of data stored in test results. However, be mindful of the usage of these options as enabling them can make failures troubleshooting more difficult.

### Further Reading{% #further-reading %}

- [Review the main categories of data submitted to Datadog](https://docs.datadoghq.com/data_security/)