Security

Enterprise-Grade Security

Your security is our top priority. We implement industry-leading practices to protect your data.

Security Features

How We Protect Your Data

End-to-End Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256. Your code and secrets are always protected.

SOC 2 Type II Certified

We maintain SOC 2 Type II compliance with annual audits by independent third-party security firms.

Access Control

Role-based access control (RBAC), SSO support via SAML/OIDC, and comprehensive audit logs for all activity.

Secrets Management

Environment variables and secrets are encrypted and never exposed in logs or build outputs.

Network Security

DDoS protection, WAF, and isolated network environments for each deployment.

Bug Bounty Program

We run an active bug bounty program. Responsible disclosure is rewarded generously.

Hosted on SOC 2 compliant cloud providers (AWS, GCP)
Multi-region redundancy and failover
DDoS protection on all endpoints
Regular penetration testing by third parties
24/7 security monitoring and alerting
Automated vulnerability scanning

Secure development lifecycle (SDL)
Mandatory code review for all changes
Automated SAST and DAST scanning
Dependency vulnerability monitoring
Regular security training for all employees
Incident response procedures

AES-256 encryption at rest
TLS 1.3 encryption in transit
Automated daily backups
Point-in-time recovery
Data residency options (US, EU)
GDPR and CCPA compliance

Report a Vulnerability

Found a security issue? We take all reports seriously and respond within 24 hours. Responsible disclosure is rewarded through our bug bounty program.

security@shipyard.dev

What to Include

Description of the vulnerability
Steps to reproduce
Potential impact
Your contact information