Shipfox

Security

Shipfox is designed to ensure your data is safe when running on our platform.

Security at Shipfox

Shipfox prioritizes the security and privacy of your data and CI/CD workflows. This page outlines the key security measures built into our platform.

Infrastructure Security

Isolated Environments

Each CI job runs in a dedicated, ephemeral virtual machine.

  • VMs are created fresh for every job.
  • They are fully isolated from other jobs and organizations.
  • VMs are destroyed immediately after job completion.

This prevents cross-contamination and ensures complete job isolation.

Zero Data Retention

We enforce a zero data retention policy for sensitive data:

  • Code, secrets, and artifacts are only available during job execution.
  • Data is automatically deleted once the job ends.
  • No persistent storage is used for customer workloads.

This reduces the risk of unauthorized access.

Enterprise-Grade Encryption

All data is encrypted by default, both at rest and in transit:

  • At rest: Encrypted using strong, industry-standard algorithms.
  • In transit: Protected using hardened TLS protocols.

Only authorized accounts can access encrypted data.

Compliance & Audits

SOC 2

Shipfox is SOC 2 Type 1 certified.

  • Independent audits verify our security controls and data handling.
  • Certification ensures compliance with industry-standard privacy practices.
  • Official reports available on request through our Trust Center.

Penetration Testing

We conduct regular penetration tests:

  • Performed by external security experts.
  • Simulate real-world attacks to identify vulnerabilities.
  • Findings are remediated promptly.
  • Reports are available on request.

Security Contact

To report a vulnerability or ask security-related questions: 📫 security@shipfox.io.