How do you protect our data?

    Protecting customer data is our highest priority. Our policy is to match or exceed all security measures for comparable products, such as GitHub and GitLab.

    Here are a few examples of the many ways we protect your data:

    • Data Transfer: We use only encrypted transfers to our servers (SSH + HTTPS) and store all user passwords only as one-way hashes using bcrypt (same as GitHub).

    • Servers: We follow best practices for server management as laid out by the SOC 2 / ISO 27001 standards, with customer data encrypted at rest.

    • Testing: We continuously test our systems against common attack vectors, including XSS, dependency injection, ReDoS, MitM, etc.

    • Rootless: We use multiple levels of protection, including rootless containers on our servers, which prevent malicious actors from installing or running arbitrary code to collect user data in the case of an XSS attack.

    • We perform annual penetration tests, and the report is available to customers upon request.

    If you have further questions or concerns, please email us at security@allspice.io.

