Built to protect your monitoring data
Encryption everywhere, scoped access control, and a self-hostable architecture so you can decide exactly where your data lives.
Encrypted in transit and at rest
Your check configurations, results, and account data are protected at every stage.
- All traffic to and from CheckBeacon — the dashboard and the REST API — is served over TLS 1.2 or higher.
- Stored data, including check definitions, results history, and account records, is encrypted at rest.
- Secrets used by your checks (API keys, bearer tokens, basic auth credentials) are stored encrypted and are never displayed in full after creation.
Strong authentication, scoped access
Account security and access control are built into the core of the product, not bolted on.
Hashed passwords
Passwords are hashed with bcrypt before storage. CheckBeacon never stores or logs plaintext passwords.
Expiring sessions
The API issues short-lived Bearer tokens on login (sessions last 8 hours), sent via the Authorization header on every request.
Role-based access
Organizations can assign admin or read-only roles, so teammates only get the level of access they need.
Reliable by design
The same checks engine you rely on to monitor your services is built with reliability as a first-class concern.
- Checks run from independent regional probes, so a single region's network issues don't cause false alerts.
- Smart alerting (alert after N consecutive failures) reduces noise from transient blips.
- The platform is built on standard, widely supported components (FastAPI, SQLite/MySQL, Docker), making it straightforward to operate, audit, and recover.
Your data stays yours
You control how long results history is kept, and you can export or delete your data at any time.
- Results history retention is configurable per plan, so you can keep only as much history as you need.
- Everything in the dashboard — checks, results, groups, stats — is also available over the REST API, so your data is never locked in.
- Closing your account removes your organization's data in line with our Privacy Policy.
Privacy by default
Our security practices are paired with a straightforward privacy policy that explains what data we collect and why.
Run CheckBeacon on your own infrastructure
For teams that need full control over data residency and access, CheckBeacon is fully self-hostable.
- Official Docker image and Helm chart let you deploy CheckBeacon inside your own VPC or on-prem environment.
- Runs on SQLite for small deployments or MySQL for larger, multi-replica setups — your choice of database.
- Self-hosted deployments keep all check configurations, secrets, and results entirely within your own infrastructure.
Compliance posture
CheckBeacon is a young, developer-led product. We design our security practices to align with common frameworks, and we're working toward formal certifications as the company grows.
Today
Our practices — encryption in transit and at rest, hashed credentials, scoped access control, and audit-friendly logging — are aligned with the kinds of controls auditors look for under frameworks like SOC 2.
On our roadmap
Formal certifications such as SOC 2 and ISO 27001 are on our roadmap as we scale. We have not yet completed any third-party security audits or certifications, and we won't claim otherwise.
Found a security issue?
We take security reports seriously and appreciate the work of independent researchers.
Report a vulnerability
If you believe you've found a security vulnerability in CheckBeacon, please email us at security@checkbeacon.com with details and steps to reproduce. We aim to acknowledge reports within 2 business days, and we ask that you give us a reasonable opportunity to investigate and address the issue before any public disclosure.
Have a security question?
Our team is happy to walk through our security practices, deployment options, or self-hosting setup for your organization.
Contact us