# Datalogz Architecture

<figure><img src="https://1435452537-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FI51V8nP3ZjMKt2bCO9HR%2Fuploads%2FACG4dZkDe9GWuEGVRWIg%2FScreenshot%202025-08-19%20at%2011.15.03.png?alt=media&#x26;token=9b1668e4-0517-44b8-887c-2da9672a8ece" alt=""><figcaption></figcaption></figure>

Datalogz connects to BI tools exclusively via their authenticated REST APIs, ensuring secure and controlled access. The key points are:

* **Read-Only Metadata Access:**\
  We only retrieve metadata—such as report configurations, usage statistics, and asset lineage—without accessing any underlying report data or user content. This guarantees data privacy and limits access scope.
* **Authenticated API Calls:**\
  All API requests use credentials provisioned and managed securely through service principals or managed identities, ensuring only authorized access to metadata endpoints.
* **Encryption in Transit:**\
  All communication between Datalogz and BI tools occurs over secure HTTPS connections, protecting metadata from interception or tampering during transmission.
* **Metadata Storage Location:**\
  All metadata collected from BI tools is securely stored within a dedicated Datalogz AWS account to ensure isolation and control.