Your data is important to us. Security and privacy standards are baked into everyday processes throughout our organization.
Read our Security and Privacy FAQ for more information on commonly asked questions relating to our security and privacy practices.
Our services are hosted on Amazon Web Services infrastructure and we use MongoDB Atlas for storage. We leverage their world-class data centers in the US and EU to protect information and meet core security and compliance requirements. More information about their security practices is available at:
As part of our initial onboarding process, as well as on an ongoing basis (at least annually), all staff receive training regarding their respective information security/privacy obligations. In addition. our engineers perform secure code training on the OWASP Top 10
We continuously monitor for malicious activity, and regularly scan our infrastructure, applications and third-party libraries for known vulnerabilities.
All our products go through a series of peer reviews and security assessments prior to deployment, including third-party library scanning, static code analysis and static container analysis. We also regularly engage expert third-parties to perform penetration tests in addition to our internal testing and scanning programs.
We support single sign-on (SSO) so you can implement your own authentication systems to control access to our platform.
Within Secure Code Warrior, we implement least privilege principles and access to production data is restricted through security groups and limited to staff that strictly need it for support. We also use multi-factor authentication (MFA) and ephemeral credentials to strictly control access to production systems
We are committed to providing a highly secure and reliable platform using proven, tested, best-in-class technologies, practices, and procedures.
Click the links below to view and validate our ISO certifications.
The following resources are provided in Secure Code Warrior's Security pack.
If you require the following resources, kindly reach out to your account manager or email our support team - firstname.lastname@example.org
- Shared Assessment SIG Lite Questionnaire
- Cloud Security Alliance CAIQ
If you are a security researcher or user of the Secure Code Warrior Learning Platform, and have discovered a potential security vulnerability we'd appreciate your help in disclosing it in a responsible manner and encourage you to let us know right away.
Your personal data is important to us and we are committed to protecting it through close adherence to international regulations and industry best practice.
Your privacy is important to us, and so is being transparent about how we collect, use, and share information about you.
We recognize the importance of safeguarding the personal information we handle and are committed to meeting, and helping our customers meet, the relevant data protection regulations that apply worldwide. We do so by aligning ourselves with the EU GDPR’s requirements and industry best practice.
Click the link below for more information.
Our data protection addendum is tailored to our service and designed to meet the international contractual needs of our customers.
It incorporates EU and UK GDPR requirements (including Standard Contractual Clauses for international transfers) and additional provisions for the CCPA.
We work with a carefully vetted selection of third parties who process personal data on our behalf to help deliver our services.
Click the link below for a list of our current sub-processors.
We conduct Transfer Impact Assessments when transferring personal data outside of the EEA/UK and ensure appropriate safeguard are in place before doing so.
For more information, please read our page on international transfers.
Our dedicated Legal team helps our business meet the needs of our customers by providing strategic advice on an increasingly complex, global and ever-changing regulatory landscape.