Security

Your telemetry, under your control.

Observability data is some of the most sensitive data you hold — it describes exactly how your systems work. backwork is built so it stays yours, isolated, and honest.

Self-hosted by default

backwork runs on your own infrastructure. Logs, metrics and traces are stored on your disk and never traverse a third party — the strongest data-residency guarantee there is.

Per-tenant isolation, to the byte

Every organization's data is scoped by an enforced org_id: injected into log stream labels, metric series and trace spans at ingest, and filtered server-side on every query. A tenant can never read another's telemetry.

Encryption & hashing at rest

Alert-channel secrets are sealed with AES-256-GCM (HKDF-derived keys). Ingest tokens are stored only as SHA-256 hashes. Passwords use argon2id with a server-side pepper.

Hardened sessions

Signed, HttpOnly, Secure cookies with server-side revocation via a token version — logging out or changing a password invalidates captured cookies everywhere. Per-IP and per-account rate limiting throttles brute-force attempts.

Safe by construction

Same-origin (CSRF) checks on every state-changing action, SSRF guards that block alert webhooks from reaching internal or metadata endpoints, and path-only redirects that can't be hijacked.
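As an added illustration of the SSRF guard described above (example code, not backwork's own), a webhook destination check that rejects URLs whose host resolves to a loopback, private, link-local or other non-global address, which covers the 169.254.169.254 cloud metadata endpoint. Function names and the injectable resolver are assumptions for the example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Hypothetical guard for outbound alert webhooks. Every address the host
# resolves to must be globally routable; one internal answer rejects the URL.


def resolve_host(host):
    """Default resolver: all A/AAAA answers for host (needs network access)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def webhook_url_is_safe(url, resolve=resolve_host):
    """Return True only if url is http(s) and points at public addresses."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False
    host = parts.hostname
    if not host:
        return False
    try:
        # Literal IP in the URL: judge it directly, no DNS involved.
        addrs = {str(ipaddress.ip_address(host))}
    except ValueError:
        try:
            addrs = resolve(host)
        except OSError:
            return False  # unresolvable host is treated as unsafe
    if not addrs:
        return False
    for addr in addrs:
        ip = ipaddress.ip_address(addr)
        # IPv4-mapped IPv6 (::ffff:10.0.0.5) must be judged as its IPv4 form.
        if ip.version == 6 and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped
        # is_global is False for loopback, RFC 1918, link-local (incl.
        # 169.254.169.254), CGNAT, multicast and unspecified addresses.
        if not ip.is_global:
            return False
    return True


if __name__ == "__main__":
    # Constructed sample destinations; the resolver is stubbed so it runs offline.
    public = lambda host: {"93.184.216.34"}
    print(webhook_url_is_safe("https://hooks.example.com/x", resolve=public))
    print(webhook_url_is_safe("http://169.254.169.254/latest/meta-data/"))
```

The caller should connect to the validated addresses rather than re-resolving the name, otherwise a DNS answer that changes between check and use bypasses the guard.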

Honest by design

A missing or failed data source reads as “no data,” never “healthy.” Outages in the telemetry path are surfaced, not masked — so the dashboard is trustworthy precisely when you need it most.

Found something?

We take security reports seriously. Responsible disclosures are reviewed promptly — please don't open a public issue for vulnerabilities.

Report a vulnerability
