Skip to main content

Security

Security at Shipfox

At Shipfox, we prioritize the security and privacy of our users' data and CI/CD workflows. This document outlines our key security measures and commitments.

Infrastructure Security

Isolated Environments

Our infrastructure is built on a foundation of complete isolation between workloads. Each CI job operates in its own ephemeral virtual machine, created specifically for that job and destroyed immediately afterward. This architecture ensures maximum security and prevents any potential cross-contamination between different jobs or organizations.

Zero Data Retention

We implement a strict zero data retention policy for sensitive information. Your code and secrets are only temporarily accessible within the secure runner environment and are permanently erased after each job completion. This approach eliminates the risk of unauthorized access to sensitive data through persistent storage.

Enterprise-Grade Encryption

We employ comprehensive encryption protocols to protect all data:

  • All data at rest is encrypted using industry-standard algorithms and is only accessible to authorized organization accounts
  • Data in transit is secured using hardened TLS protocols, ensuring secure communication between all system components

Compliance & Audits

SOC 2

SOC 2 certification in progress, which verifies our security controls, data handling, and privacy practices through independent audits. This certification demonstrates our commitment to protecting customer data according to industry standards. Documentation is available upon request through our trust center.

Regular Penetration Testing

Our infrastructure undergoes regular penetration testing - a critical security practice where cybersecurity experts attempt to find and exploit vulnerabilities in our systems. This proactive approach helps us identify and fix potential security weaknesses before they can be exploited by malicious actors. Detailed reports of these assessments are available upon request.

Security Contact

For security-related inquiries or to report security issues, please contact our security team at [email protected].