Security
Shipfox is designed to ensure your data is safe when running on our platform.
Security at Shipfox
Shipfox prioritizes the security and privacy of your data and CI/CD workflows. This page outlines the key security measures built into our platform.
Infrastructure Security
Isolated Environments
Each CI job runs in a dedicated, ephemeral virtual machine.
- VMs are created fresh for every job.
- They are fully isolated from other jobs and organizations.
- VMs are destroyed immediately after job completion.
This prevents cross-contamination and ensures complete job isolation.
Zero Data Retention
We enforce a zero data retention policy for sensitive data:
- Code, secrets, and artifacts are only available during job execution.
- Data is automatically deleted once the job ends.
- No persistent storage is used for customer workloads.
This reduces the risk of unauthorized access.
Enterprise-Grade Encryption
All data is encrypted by default, both at rest and in transit:
- At rest: Encrypted using strong, industry-standard algorithms.
- In transit: Protected using hardened TLS protocols.
Only authorized accounts can access encrypted data.
Compliance & Audits
SOC 2
Shipfox is SOC 2 Type 1 certified.
- Independent audits verify our security controls and data handling.
- Certification ensures compliance with industry-standard privacy practices.
- Official reports available on request through our Trust Center.
Penetration Testing
We conduct regular penetration tests:
- Performed by external security experts.
- Simulate real-world attacks to identify vulnerabilities.
- Findings are remediated promptly.
- Reports are available on request.
Security Contact
To report a vulnerability or ask security-related questions: 📫 security@shipfox.io.