We all know that leaking the wrong piece of data can cause a world of trouble - legal issues, reputational damage, regulatory fallout. But here’s the thing: not all data is equally sensitive. And we need to stop treating all observability data like it’s equally dangerous. When it comes to profiling data, the actual risk is often minimal and the value you get from it far outweighs the downsides.
To put things in context, observability usually covers four key signal types: metrics, logs, traces, and profiles. Metrics give you system-level trends like latency or memory usage. Logs capture detailed events and application messages. Traces let you follow requests across services. Profiles, our focus at Polar Signals, show how your code behaves in production: which functions are hot, where time is spent, and what’s allocating memory.
What makes profiling data different is that it’s not designed to capture user or request-level data. It doesn’t include payloads, PII, credentials, or secrets. It simply reflects how the system executes code over time. In other words, it is performance data, not user data.
So what if profiling data leaks? Realistically, not much happens. Maybe someone sees that your application spends a lot of time in a function called parseRequest. It’s not a breach. It doesn’t trigger GDPR or compliance protocols. It’s an internal implementation detail, which is not considered sensitive information.
Compare that with logs or traces, which often capture raw input, user identifiers, or tokens if improperly handled. These require sanitization, tight access controls, and constant diligence. Profiling, by contrast, poses significantly less risk by design.
That said, Polar Signals offers an optional View Source File feature, which allows users to upload source code for deeper insight, showing the exact lines where optimizations can be made. In these cases, profiling data may reference proprietary code, and while we don’t process or analyze that code beyond this use case, we encourage teams to consider internal policies before enabling the feature.
We’ve built our platform with security in mind. Polar Signals is SOC 2 Type II compliant, and all data, profiling and otherwise, is encrypted in transit and at rest. We enforce strict access controls, including role-based permissions and audit logging, to ensure data remains protected.
Ultimately, profiling is one of the lowest-risk, highest-value forms of observability data. And with strong security practices and compliance standards in place, Polar Signals helps you harness that value with confidence.