Kubeadapt
How it Works
Book a demoSign inStart free
Start free

Security & Privacy

Exactly what we collect. Nothing else.

Read-only RBAC. Aggregated in-cluster before egress. No Secrets, no ConfigMaps, no logs, no network traffic. This page lists every field.

Read the data listsecurity@kubeadapt.io

Data Collection

Resource metadata and usage metrics only.

Read-only. Aggregated in-cluster. Six categories, every field listed.

  • 5 fields

    Resource Metrics

    • Pod CPU and memory usage (per container)
    • Node CPU and memory capacity and usage
    • Resource requests, limits, and ephemeral storage
    • StorageClasses, PVs, PVCs, and CSI volume sources
    • Per-container GPU resource allocation
  • 6 fields

    Kubernetes State

    • Pod status, phases, QoS class, and conditions
    • Node system info, conditions, and taints
    • Namespace metadata and pod distribution
    • Service types, IPs, ports, and load balancers
    • Ingress rules, hosts, and routing paths
    • Kubernetes cluster version
  • 6 fields

    Workload Controllers

    • Deployments, StatefulSets, DaemonSets
    • Jobs, CronJobs, and execution schedules
    • HPA and VPA configurations
    • PodDisruptionBudgets and PriorityClasses
    • Karpenter NodePools and custom CRD workloads
    • Replica counts, update strategies, and conditions
  • 7 fields

    Resource Metadata

    • Container image names and image IDs
    • Labels and annotations on all resources
    • Service account names
    • Node instance types, zones, and architecture
    • Pod and node IP addresses, pod CIDRs
    • Container ports, init containers, and owner references
    • Resource UIDs and creation timestamps
  • 4 fields

    Scheduling & Quotas

    • LimitRanges (default requests and limits)
    • ResourceQuotas (namespace-level caps)
    • Pod priority and scheduler configuration
    • Cloud provider and region detection
  • 5 fields

    GPU Metrics

    • GPU utilization and tensor activity
    • Memory used, free, and total bytes
    • Memory copy utilization (bandwidth)
    • Temperature and power usage
    • Device model, driver version, MIG support

Guarantees

What we won't compromise on.

  • list / watch only

    Minimal RBAC

    Only list and watch verbs on cluster resources. Zero write, create, update, or delete permissions. Your kubectl history will not show our name.

    rbac.verbs = [list, watch]
  • never collected

    No Sensitive Data

    Kubeadapt never reads Secrets, ConfigMaps, environment variables, container logs, or network traffic. The fields we collect are listed above. Nothing else leaves your cluster.

    secrets, configmaps, env, logs = excluded
  • single helm command

    Full Control

    Install or uninstall with one helm command. Your cluster, your decision. No background agents, no orphaned resources.

    helm uninstall kubeadapt -n kubeadapt

Data Flow

From your cluster to ours. One direction. One protocol.

In Cluster

Kubeadapt Agent

Runs as a Deployment in your cluster

  • list / watch K8s API
  • Aggregate metrics
  • Sign payload
TLS 1.3 · mTLS
TLS 1.3 · mTLS
one direction
Our Region

Kubeadapt API

Receives signed metric aggregates

  • Verify signature
  • Store aggregates
  • Run analysis

Only aggregated, non-sensitive data crosses the boundary. Payload is signed in-cluster and verified server-side.

Get started

Ready to see it in action?

Connect a read-only agent in under five minutes. We will not store anything we have not listed above.

Connect a clusterEmail security team

See also Privacy and Terms.

Kubeadapt

Kubernetes FinOps platform. Cost visibility, rightsizing, and capacity planning that pays for itself in 30 days.

Product

  • Cost Monitoring
  • Cost Attribution
  • Workload Rightsizing
  • Recommendations
  • Smart Alerting
  • Best Practices
  • Network Cross-AZ

Resources

  • Documentation
  • Status Page
  • Feature Requests

Company

  • About Us
  • Security
  • Careers
  • Contact

© 2026 Kubeadapt. All rights reserved.

PrivacyTermsSecurity