At Deployment, we take security and compliance very seriously. Our mission is to ensure that our clients' source code, cloud environments, and data remain secure.
Please read on to learn more about our security processes and approaches.
For feedback or to report security vulnerabilities, please email security@deployment.io.
Encrypted Data - At rest and In transit
All your traffic in and out of Deployment is sent over HTTPS or TLS.
All your secrets are encrypted using industry standard AES-256 encryption.
All your data in database is encrypted on disk.
Data Retention Policy
All data stored by deployment.io is held for as long as you desire. We are just the custodian of your data, and you can request a full copy of your data at any time.
Please email data@deployment.io to request for your data.
Access to Your Source Code and Cloud
Deployment does not have any access to your cloud. The deployment runner is deployed in your cloud, and access to your cloud never leaves your environment.
Your source code is checked out using the deployment runner within your cloud. At no point do we check out your source code on our infrastructure without your permission.
Data Centers
We are hosted on AWS which helps us to provide a reliable service.
Oauth 2.0 Access Tokens
We never request for long-lived Oauth access tokens. The access tokens for GitHub, GitLab, and Slack are short-lived and are refreshed when they expire.
