Overview
Learn more about our data security practices and compliance measures.
At Rollstack, the safeguarding of your data is our foremost concern. We are committed to upholding the highest standards in privacy and security.
Rollstack incorporates leading-edge security practices to ensure the integrity and confidentiality of your data across all aspects of our service. Our approach is comprehensive, encompassing robust encryption methods, secure and dependable infrastructure partners, and security controls that undergo independent verification.
Our security team is seasoned and skilled, bringing a wealth of expertise from their tenure at industry-leading firms like Tesla, Mattermost, AiFi, Pinterest, and others, where they managed security for large-scale, complex software systems.
Rollstack is proud to have achieved SOC 2 Type II certification, affirming our dedication to high-security standards and trustworthy service. For inquiries regarding our SOC 2 Type II report, please contact us at [email protected].
You can also find our trust report here.
We also conduct annual penetration tests to make sure that we are always up to date with the best security practices.
Should you encounter a security issue not listed in our documentation of non-critical vulnerabilities, we encourage you to contact us. Please email your findings to [email protected], including:
- An overview of the vulnerability and its possible consequences.
- Step-by-step instructions to reproduce the security flaw.
- The specific environment where the issue was detected.
- Any proof-of-concept scripts or demonstrations, if applicable.
Upon receipt of your report, our security team will promptly initiate a thorough investigation. We will maintain open lines of communication with you, providing updates as we make progress and possibly requesting additional information to aid in our review. Following the resolution of the reported issue, we will inform our user base accordingly.
We appreciate the time and effort spent on improving Rollstack's security. For verified vulnerabilities with a CVSS score of 4 or above, we will express our gratitude with a monetary reward.
We particularly welcome reports on the following:
- Circumventing authentication or elevation of privileges.
- Unintended exposure of personally identifiable information (PII).
- Unauthorized access to data outside the confines of the authenticated workspace.
- Vulnerabilities to SQL injection and the potential for remote code execution.