Security
Security and trust are top priorities
At SquaredUp, we maintain high standards of data privacy and security. Read the below to learn about our data security policies, how we store your data and more. Please contact SquaredUp Support if you have any questions.
Data Security
Data both at rest and in transit is encrypted:
Data at rest is encrypted using industry-standard AES-256 algorithms.
Data in-transit is encrypted using HTTPS (TLS 1.2 and higher is negotiated).
ISO 27001:2013 Framework
SquaredUp is proud to be ISO 27001:2013 certified. Data security is managed in accordance with the ISO 27001:2013 framework. Certification to this standard demonstrates our commitment to the management of security. ISO 27001 is a security management standard that specifies security management best practices, and it's implementation demands a rigorous security program including an Information Security Management System (ISMS).
Contact our support team in-app or via SquaredUp Support if you need any further information.
Data Stored
User email addresses and, if using email/password sign-in, user passwords are stored to provide sign-in functionality. Note that SquaredUp user passwords (where using email/password sign-in) are not retrievable or recoverable, even by SquaredUp, therefore lost/forgotton passwords will need to be reset.
Configuration data such as organization, workspace, and dashboard names and their configuration.
Graph data indexed via data sources - the exact properties stored varies by data source but is typically the names and types of objects such as hosts, repositories, pipelines, databases, functions, containers, and so on, along with the relevant metadata and the relationships between them. This data is indexed to know where to find it so that data about these objects can be read on-demand when a dashboard is displayed.
Graph data computed by SquaredUp, such as the state of monitors and the derived correlations between objects.
Data is stored geographically, see Architecture
Note that API keys (if used for API access) are not stored in their entirety. Only the last 4 characters are stored for display purposes, along with a SHA-256 hash of the API key to authenticate an application accessing the API.
Policies
Bug Disclosure Process
We regularly and periodically engage with third party accredited vendors to perform external security testing of our infrastructure and offerings.
We take security seriously, and we're interested to hear any comments or reports about our products or websites.
If you believe you've found something of interest, please contact us at security@squaredup.com
You can (optionally) encrypt your communications with our PGP public key