SLEUTH TRUST CENTER

Security is very important to us. We follow industry best practices for protecting your organization.

Security

We encrypt your data in transit and at rest, and provide administrative controls including single sign-on (SSO) and enforced two-factor authentication (2FA) via SSO to ensure that your data remains secure organization-wide. Sleuth also provides role-based access controls (RBAC) to help administrators manage access levels.
  • SSO via Google, GitHub & Bitbucket logins
  • 2FA via SSO providers
  • Role-based access control (RBAC)
  • Application audit logs (coming soon)

Reliability

Sleuth is designed for high performance and availability. We build our solution using best-in-class core technologies including AWS Fargate, RDS, Elasticsearch and ElastiCache. Our infrastructure spans three availability zones so we’re always available.
  • AWS managed services for data and backups
  • No long-lived servers, auto-security patching
  • No publicly exposed access to VPCs
  • Real-time status transparency

Compliance

We are pursuing our SOC® 2 Type 2 compliance certification and expect to succeed. We adhere to industry best practices:
  • Enforced SSO & 2FA and recurring user-access reviews
  • Enforced review for all code changes
  • Automated end-to-end testing of gated deployments
  • Encrypted network access and data storage

Privacy

We are committed to data privacy. We allow our customers to delete their data from our systems. We encrypt all sensitive data in our datastore. We use third-party bug-bounty programs for security testing.
  • Tested via third-party bug-bounty programs
  • GDPR compliant
  • Sensitive data encrypted within datastore
  • Minimal PII collection: email, name, linked accounts

Integration Access Levels

Sleuth relies on third-party integrations to track deployments. These applications ask for elevated privileges, often including write access, which enables Sleuth to add webhooks and automate deployment data collection. All access is completely revocable. Sleuth will never use it for any purpose other than supporting deployment tracking and collecting deployment data.
  • GitHub/Bitbucket - Write access for webhook installation, PR merge statuses, PR merging
  • Rollbar - Write access for project token creation
  • Slack - Send notifications and read reactions
  • LaunchDarkly - Write access for webhook installation
If you discover a security vulnerability, please email security@sleuth.io. Read our Disclosure Policy.