Data security & privacy

Learn more about how we safeguard our information 
assets, and those of our customers, against misuse, 
abuse or compromise.

Secure code warrior

Trusted by over 600 enterprises globally

Our approach

Security and privacy our way

Your data is important to us. Security and privacy standards are baked into everyday processes throughout our organization.

Read our Security and Privacy FAQ for more information on commonly asked questions relating to our security and privacy practices.


How we secure our products

Cloud security & best practices

Our services are hosted on Amazon Web Services infrastructure and we use MongoDB Atlas for storage. We leverage their world-class data centers in the US and EU to protect information and meet core security and compliance requirements. More information about their security practices is available at: AWS Security & MongoDB Security

Training & awareness

As part of our initial onboarding process, as well as on an ongoing basis (at least annually), all staff receive training regarding their respective information security/privacy obligations. In addition. our engineers perform secure code training on the OWASP Top 10

Vulnerability management

We continuously monitor for malicious activity, and regularly scan our infrastructure, applications and third-party libraries for known vulnerabilities. All our products go through a series of peer reviews and security assessments prior to deployment, including third-party library scanning, static code analysis and static container analysis. We also regularly engage expert third-parties to perform penetration tests in addition to our internal testing and scanning programs.

Access & authentication

We support single sign-on (SSO) so you can implement your own authentication systems to control access to our platform.Within Secure Code Warrior, we implement least privilege principles and access to production data is restricted through security groups and limited to staff that strictly need it for support. We also use multi-factor authentication (MFA) and ephemeral credentials to strictly control access to production systems

Our security program

Your personal data is important to us and we are committed to protecting it through close adherence to international regulations and industry best practice.

Security certification & documentation

AICPA SOC 2 Type 2

We know that you entrust Secure Code Warrior with confidential information from your use of our product offerings. To this end, we take the protection and confidentiality of your data extremely seriously. We continuously pursue the highest technical standards, organizational measures, and industry-recognized best practices so that all of our customers have trust and confidence in Secure Code Warrior.

To show our commitment, Secure Code Warrior has successfully attained its SOC 2 Type II report demonstrating that we have the appropriate controls in place to mitigate risks related to security, availability, and confidentiality. A SOC 2 report is designed to meet the needs of customers who require assurance about the effectiveness of controls of a SaaS vendor like Secure Code Warrior. The report is the outcome of an audit performed by an independent third-party firm certified by the American Institute of CPAs (AICPA).

These audits are an industry-wide standard to assess the data security and privacy of software vendors. Our Type II audit is the most robust type and set out to prove that we had controls in place for a sustained period of time, exhibiting reliable and consistent safeguards in place to protect our customers’ data. If you are interested in our SOC 2 report, reach out to your account manager or email our support team -

ISO 27001:2013 / ISO 27701:2019

In addition to our SOC 2 Type II report, Secure Code Warrior is also certified against the ISO 27001 and ISO 27701 standards to further enhance our security and privacy posture.

Click the links below to view and validate our ISO certifications.

Assessment questionnaires

The following resources are provided in Secure Code Warrior's Security pack.
If you require the following resources, kindly reach out to your account manager or email our support team  -

- Shared Assessment SIG Lite Questionnaire
- Cloud Security Alliance CAIQ


Read our Security and Privacy Whitepaper to learn more about how we leverage policies, procedures and AWS’ world-class security features to protect our information assets.


Report a vulnerability

If you are a security researcher or user of the Secure Code Warrior Learning Platform, and have discovered a potential security vulnerability we'd appreciate your help in disclosing it in a responsible manner and encourage you to let us know right away.

Responsible disclosure policy 

Our privacy team

Your personal data is important to us and we are committed to protecting it through close adherence to international regulations and industry best practice.

Privacy policy

Your privacy is important to us, and so is being transparent about how we collect, use, and share information about you.

For more information about how and why we process personal data, please refer to our privacy policy. This applies to anyone that visits our website, uses our platform or otherwise engages with us or our services.

Privacy policy


We use essential cookies to help make sure our website and platform are functioning properly, and to deliver the secure and sleek service you expect from us. For more information about how and why we use cookies (including non-essential cookies), please refer to our cookie policy.

Cookie policy

GDPR and beyond

We recognize the importance of safeguarding the personal information we handle and are committed to meeting, and helping our customers meet, the relevant data protection regulations that apply worldwide. We do so by aligning ourselves with the EU GDPR’s requirements and industry best practice.

Click the link below for more information.

GDPR and beyond

Data processing addendum

Our data protection addendum is tailored to our service and designed to meet the international contractual needs of our customers.

It incorporates EU and UK GDPR requirements (including Standard Contractual Clauses for international transfers) and additional provisions for the CCPA.

Data processing addendum


We work with a carefully vetted selection of third parties who process personal data on our behalf to help deliver our services.

Click the link below for a list of our current sub-processors. 

List of sub-processors

International transfers

We conduct Transfer Impact Assessments when  transferring personal data outside of the EEA/UK and ensure appropriate safeguard are in place before doing so.

For more information, please read our page on international transfers.

International transfers

Our legal team

Our dedicated Legal team helps our business meet the needs of our customers by providing strategic advice on an increasingly complex, global and ever-changing regulatory landscape.

Terms of use

Click the links below to access our terms of use for the Secure Code Warrior website and APIs.

Website terms of use 

SCW API terms of use

Customer agreements and terms

Click the links below to access our subscription and service level agreements for customers.

SCW SaaS Agreement - Customers

SCW SaaS Agreement- Reseller

Service level agreement (SLA)

Data processing addendum

Partner agreement and terms

Click the links below to access our subscription and service level agreements for partners. 

Partner deal registration T&Cs

Service level agreement (SLA)

Data processing addendum

Other documents

Click the below links to access other legal documents that may be appropriate to your relationship with Secure Code Warrior.

Secure Code Warrior Sensei License T&Cs

Entry into SCW Devlympics T&Cs


W9 taxpayer identification


Looking for something more specific?

Additional privacy and security documents are available upon request, but may require a mutual non-disclosure agreement to be completed. Please complete the form below and we'll be in contact with you to explore your request.

We would like your permission to send you information on our products and/or related secure coding topics. We’ll always treat your personal details with the utmost care and will never sell them to other companies for marketing purposes.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.