Skip to content
English
Contact Customer Support Customer portal Sign in
Go to scythe.io
  • There are no suggestions because the search field is empty.

How SCYTHE On-Prem Handles Your Data and Outbound Communications

Understanding what data stays local, what leaves your environment, and what SCYTHE can and cannot access in an on-premises deployment.

Overview

When you run SCYTHE in an on-premises deployment, your operational data stays on your infrastructure. SCYTHE does not operate a central server that receives your test content or results, and SCYTHE personnel do not have access to your environment or the data within it. This article explains exactly what is stored locally, what communications leave your network, and under what circumstances.

What Data Is Stored, and Where

All data generated by your SCYTHE on-prem instance is stored locally on the machine hosting SCYTHE. Nothing is replicated to SCYTHE-operated systems.

The specific data stored depends entirely on the tests you run:

  • IPs and hostnames — Only IPs and hosts that are part of the tests you run will be logged. SCYTHE does not scan or collect network information outside the scope of your configured tests.
  • Vulnerability data — Only stored if you run a test that specifically identifies vulnerabilities.
  • PII — Only stored if a test you configured surfaces it. If you delete a test that surfaced PII, all PII associated with that test is deleted along with it.

In short, SCYTHE stores what your tests generate, all of it remains on your host, and you control its lifecycle by managing your tests.

Outbound Communications from Your On-Prem Instance

Your on-prem deployment does not transmit test data, target information, or results to SCYTHE. The only outbound communications are for operational maintenance of the platform itself:

  • scythe.io — for software update checks.
  • Replicated — for license validation, cluster updates, and instance telemetry (see below).
  • Docker — for container updates and installation.
  • Support bundles — transmitted to SCYTHE only if you explicitly choose to send one from the admin interface.

Beyond these, no data leaves your environment.

A Note on Replicated and Instance Telemetry

The SCYTHE on-prem install uses Replicated's embedded cluster and Replicated KOTS. It does not use the Replicated SDK and does not define any custom metrics on top of what Replicated collects by default.

This means the instance and event data transmitted to Replicated is limited to what Replicated documents in its standard data policy. You can review the full list of data Replicated collects here: Replicated: About instance and event data.

In practical terms: the outbound data to Replicated covers things like your software version, cluster health, and install status — not your test content, targets, or results.

Answers to Common Questions

Does SCYTHE have access to our on-prem instance or its data? No. SCYTHE personnel do not have access to your instance, and your test content and results never leave your host. The update infrastructure does receive limited operational telemetry (as described above), but this does not include the data generated by your tests.

Is any test data, target data, or results data transmitted back to SCYTHE? No. Test content, target information, and results remain entirely on your host. The only outbound data is the operational telemetry required for updates, licensing, and cluster management.

What if we need to share data with SCYTHE support? Support bundles are opt-in. They are only sent when you initiate the action from the admin interface. You remain in control of what, if anything, is shared.

Can we remove PII from the system? Yes. Because PII is only stored as part of the tests that surfaced it, deleting the relevant test removes the associated PII from the system.