For unmanaged installations, your data never leaves your installation and no one in Paragon has access to any of your data besides the billing contact information associated with the subscription.For managed installations, your data never leaves your installation, and a Paragon support engineer can get limited access to perform maintenance or support tasks such as viewing application logs or debugging a workflow. Temporary access is granted upon request, logged and approved internally, and an audit trail of commands executed is automatically tracked. Sensitive data, like credentials, are never accessible.
What type of access is required for managed installations?
The Paragon installer needs credentials to provision application resources via Terraform. Because the credentials are sandboxed to the tenant / organization / subscription, the installer cannot access any other resources on the AWS / Azure / GCP account. These credentials aren’t shared with any Paragon engineers.Paragon support engineers are granted temporary access to application logs via ElasticSearch or limited database access via Teleport to perform routine support duties requested by customers.