SLEUTH TRUST CENTER

Security is very important to us. We follow industry best practices for protecting your organization.
Try Now FREE
Security
Compliance
Privacy
Reliability
Integration Access Levels

Security

We encrypt your data in transit and at rest, and provide administrative controls including single sign-on (SSO) and enforced two-factor authentication (2FA) via SSO to ensure that your data remains secure organization-wide. Sleuth also provides role-based access controls (RBAC) to help administrators manage access levels.
  • SSO via Google, GitHub, Bitbucket, GitLab, Microsoft, or SAML logins
  • 2FA via SSO providers
  • Role-based access control (RBAC)
  • Continuous bug bounty program running via BugCrowd

Compliance

We are SOC® 2 Type 2 compliant, certified by an independent third-party auditor. We adhere to industry best practices:
  • Enforced SSO & 2FA and recurring user-access reviews
  • Enforced review for all code changes
  • Automated end-to-end testing of gated deployments
  • Encrypted network access and data storage

Privacy

We are committed to data privacy. We allow our customers to delete their data from our systems. We encrypt all sensitive data in our datastore. We use third-party bug-bounty programs for security testing.
  • Tested via third-party bug-bounty programs
  • GDPR compliant
  • Sensitive data encrypted within datastore
  • Minimal PII collection: email, name, linked accounts

Reliability

Sleuth is designed for high performance and availability. We build our solution using best-in-class core technologies including AWS Fargate, RDS, Elasticsearch, and ElastiCache. Our infrastructure spans three availability zones so we’re always available.
  • AWS managed services for data and backups
  • No long-lived servers, auto-security patching
  • No publicly exposed access to VPCs
  • Real-time status transparency
puzzle piece

Integration Access Levels

Sleuth relies on third-party integrations to track deployments. These applications ask for elevated privileges including, often, write access, enabling Sleuth to add webhooks and automate deployment data collection. All access is completely revocable. Sleuth will never use it for any purpose other than supporting deployments data and collecting deployment data.
See List of Integration Access Levels by Application
If you discover a security vulnerability please contact us.
Read our disclosure policy.
REPORT A VULNERABILITY