Security

Encryption and SOC 2

6min

Learn more about our data security practices and compliance measures.

Overview

At Rollstack, your data security is our foremost concern. We are committed to upholding the highest standards in privacy and security.

Rollstack incorporates leading-edge security practices to ensure the integrity and confidentiality of your data across all aspects of our service. Our approach is comprehensive, encompassing robust encryption methods, secure and dependable infrastructure partners, and security controls that undergo independent verification.

Our security team is seasoned and skilled, bringing a wealth of expertise from their tenure at industry-leading firms like Tesla, Mattermost, AiFi, Pinterest, and others, where they managed security for large-scale, complex software systems.

Encryption

We ensure that your data is handled with the highest standards of security. All credentials and sensitive data are encrypted using Advanced Encryption Standard (AES).

Encryption keys are stored in a separate vault in our cloud provider Amazon Web Services (AWS) and no authorized personnel can access these encryption keys. Only specific internal scripts can encrypt or decrypt these credentials.

Encryption keys are rotated every three months.

SOC 2

Rollstack is proud to have achieved SOC 2 Type II certification, affirming our dedication to high-security standards and trustworthy service. You can also find our trust report here.

For any other security questions, you may contact us at [email protected]

Document image


We also conduct annual penetration tests to make sure that we are always up-to-date with the best security practices.

Report a vulnerability

Should you encounter a security issue not listed in our documentation of non-critical vulnerabilities, we would appreciate it if you contact us at [email protected], by providing:

  • An overview of the vulnerability and its possible consequences.
  • Step-by-step instructions to reproduce the security flaw.
  • The specific environment where the issue was detected.
  • Any proof-of-concept scripts or demonstrations, if applicable.

Upon receipt of your report, our security team will promptly initiate a thorough investigation. We will maintain open lines of communication with you, providing updates as we make progress and possibly requesting additional information to aid in our review. Following the resolution of the reported issue, we will inform our user base accordingly.

Recognition for Your Contributions

We appreciate the time and effort spent on improving Rollstack's security. For verified vulnerabilities with a CVSS score of 4 or above, we will express our gratitude with a monetary reward.

Key Security Concerns

We particularly welcome reports on the following:

  • Circumventing authentication or elevation of privileges.
  • Unintended exposure of personally identifiable information (PII).
  • Unauthorized access to data outside the confines of the authenticated workspace.
  • Vulnerabilities to SQL injection and the potential for remote code execution.



Updated 01 Jun 2024
Doc contributor
Doc contributor
Did this page help you?
PREVIOUS
Network Whitelisting
NEXT
Product - FAQs
Docs powered by Archbee