Encryption and SOC 2
Learn more about our data security practices and compliance measures.
At Rollstack, your data security is our foremost concern. We are committed to upholding the highest standards in privacy and security.
Rollstack incorporates leading-edge security practices to ensure the integrity and confidentiality of your data across all aspects of our service. Our approach is comprehensive, encompassing robust encryption methods, secure and dependable infrastructure partners, and security controls that undergo independent verification.
Our security team is seasoned and skilled, bringing a wealth of expertise from their tenure at industry-leading firms like Tesla, Mattermost, AiFi, Pinterest, and others, where they managed security for large-scale, complex software systems.
We ensure that your data is handled with the highest standards of security. All credentials and sensitive data are encrypted using Advanced Encryption Standard (AES).
Encryption keys are stored in a separate vault in our cloud provider, Amazon Web Services (AWS), and no personnel are authorized to access these encryption keys. Only specific internal scripts can encrypt or decrypt these credentials.
Encryption keys are rotated every three months.
Rollstack is proud to have achieved SOC 2 Type II certification, affirming our dedication to high-security standards and trustworthy service. You can also find our trust report here.
For any other security questions, you may contact us at [email protected].
We also conduct annual penetration tests to make sure that we are always up to date with the best security practices.
Should you encounter a security issue not listed in our documentation of non-critical vulnerabilities, we would appreciate it if you contact us at [email protected], providing:
- An overview of the vulnerability and its possible consequences.
- Step-by-step instructions to reproduce the security flaw.
- The specific environment where the issue was detected.
- Any proof-of-concept scripts or demonstrations, if applicable.
Upon receipt of your report, our security team will promptly initiate a thorough investigation. We will maintain open lines of communication with you, providing updates as we make progress and possibly requesting additional information to aid in our review. Following the resolution of the reported issue, we will inform our user base accordingly.
We appreciate the time and effort spent on improving Rollstack's security. For verified vulnerabilities with a CVSS score of 4 or above, we will express our gratitude with a monetary reward.
We particularly welcome reports on the following:
- Authentication bypass or privilege escalation.
- Unintended exposure of personally identifiable information (PII).
- Unauthorized access to data outside the confines of the authenticated workspace.
- SQL injection and remote code execution vulnerabilities.