LinkMesh
Start free

Trust & security

Plain statements, not slogans.

LinkMesh is software you run on your own infrastructure, not a service we operate for you. This page lists what that actually means for your telemetry, your configuration, and your data — in language a security or procurement reviewer can take to a desk and verify.

Last reviewed: 2026-05-20.

Where your data is processed

LinkMesh Server and the OpenTelemetry Collectors it manages run on your own infrastructure — your VMs, your Kubernetes cluster, your hardware. Telemetry from your applications flows through your Collectors to your chosen backends (Grafana, Loki, Prometheus, Splunk, Datadog, anything OpenTelemetry-compatible). At no point does it traverse OpenSight's network.

We do not operate a multi-tenant SaaS that ingests your telemetry. There is nothing to ingest from our side — the product is a set of binaries you download and run, not a hosted service. See Data handling & DPA for the procurement-ready summary, including the commercial-data scope and our sub-processors list.

Sensitive data masking, on the host

OpenTelemetry Collectors managed by LinkMesh can apply masking processors that strip or hash sensitive fields before the data leaves the host. Built-in templates cover credit-card numbers (PAN), email addresses, and phone numbers; custom OTTL / regex rules cover your own field types.

These rules run client-side at the source. You can verify them yourself by inspecting outbound payloads on the host — there is no "trust us" step. See Features for the marketing-level summary, or the Mask PII how-to on docs for the OTTL config patterns.

Configuration is yours, audit-trailed in Git

All Collector configuration is managed centrally from the LinkMesh control plane and stored in a Git repository you control. Every change is a Git commit with author, timestamp, and a diff. You can roll back to any prior state, audit who changed what, and bring your own Git provider — LinkMesh writes to wherever you point it.

We do not push remote configuration changes without your action. Agents poll the control plane on intervals you set. See the configuration reference and architecture overview on docs for the technical specifics.

Pricing aligned to use, not data volume

LinkMesh is priced per managed Collector — a flat number you can plan around. There is no volume-based component, no per-GB ingest fee, no event-count meter.

The practical implication: there is no commercial incentive on our side to push more telemetry through your pipelines. If you reduce your volume by 80% via sampling, your bill stays the same. See Pricing for the actual numbers.

The marketing website (linkmesh.io)

This website uses Google Analytics 4 to understand which pages are useful, gated behind explicit cookie consent (Consent Mode v2, default denied). See Privacy, Cookies, and Terms for the detail.

Google Analytics is not present in the product binaries. It runs only on linkmesh.io itself. Product binaries do not phone home, do not report usage telemetry, and do not contact OpenSight at runtime.

What we don't claim

  • – We do not currently hold SOC 2, ISO 27001, or comparable formal certifications.
  • – We do not run a hosted control plane on your behalf.
  • – We do not have access to your telemetry, your Collector configurations, or your dashboards.
  • – We do not operate behind a vague "secure by design" claim. Every specific statement on this page is verifiable in the product itself.

Talk to us

Security questionnaires, architecture reviews, and vulnerability disclosure: info@opensight.ch. We respond to first-touch in one business day; deeper questionnaires take longer depending on length.