Security
We encrypt your data in transit and at rest, and provide administrative controls including single sign-on (SSO) and enforced two-factor authentication (2FA) via SSO to ensure that your data remains secure organization-wide. Sleuth also provides role-based access controls (RBAC) to help administrators manage access levels.
- SSO via Google, GitHub, Bitbucket, GitLab, Microsoft, or SAML logins
- 2FA via SSO providers
- Role-based access control (RBAC)
- Continuous bug bounty program running via BugCrowd
Compliance
We are SOC® 2 Type 2 compliant, certified by an independent third-party auditor. We adhere to industry best practices:
- Enforced SSO & 2FA and recurring user-access reviews
- Enforced review for all code changes
- Automated end-to-end testing of gated deployments
- Encrypted network access and data storage
Privacy
We are committed to data privacy. We allow our customers to delete their data from our systems. We encrypt all sensitive data in our datastore. We use third-party bug-bounty programs for security testing.
- Tested via third-party bug-bounty programs
- GDPR compliant
- Sensitive data encrypted within datastore
- Minimal PII collection: email, name, linked accounts
Reliability
Sleuth is designed for high performance and availability. We build our solution using best-in-class core technologies including AWS Fargate, RDS, Elasticsearch, and ElastiCache. Our infrastructure spans three availability zones so we’re always available.
- AWS managed services for data and backups
- No long-lived servers, auto-security patching
- No publicly exposed access to VPCs
- Real-time status transparency
Integration Access Levels
Sleuth relies on third-party integrations to track deployments. These applications ask for elevated privileges including, often, write access, enabling Sleuth to add webhooks and automate deployment data collection. All access is completely revocable. Sleuth will never use it for any purpose other than supporting deployments data and collecting deployment data.
See List of Integration Access Levels by Application
