Security
Your data security is our top priority. Learn how we protect your information and maintain the highest security standards.
Our Commitment to Security
At StatusDrift, security isn’t an afterthought – it’s built into everything we do. We understand that you’re trusting us with critical information about your infrastructure, and we take that responsibility seriously.
Data Encryption
We use industry-standard encryption to protect your data at every stage.
Encryption in Transit
All data transmitted between your browser and our servers is encrypted using TLS 1.3. We enforce HTTPS across all connections and use HSTS to prevent downgrade attacks.
Encryption at Rest
All stored data is encrypted using AES-256. Database backups and file storage are encrypted as well, so your data remains protected at rest.
Infrastructure Security
Our infrastructure is designed with security as a core principle.
Network Security
Our infrastructure uses firewalls and DDoS protection. We segment our networks to isolate sensitive systems and minimize attack surfaces.
Access Controls
We implement strict role-based access controls. All access to production systems is logged for audit purposes.
Regular Audits
We conduct regular security assessments. Vulnerabilities are addressed promptly according to our security response procedures.
Privacy & Compliance
We’re committed to protecting your privacy and complying with global data protection regulations.
GDPR Compliance
We comply with the General Data Protection Regulation (GDPR) for all users in the European Union. This includes:
- Right to access your personal data
- Right to rectification of inaccurate data
- Right to erasure (right to be forgotten)
- Right to data portability
- Clear consent mechanisms for data processing
- Data Processing Agreements (DPA) available upon request
CCPA Compliance
We comply with the California Consumer Privacy Act (CCPA) for California residents. This includes:
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt-out of the sale of personal information
- Right to non-discrimination for exercising your rights
- Transparent disclosure of data practices
Data Handling Practices
Data Minimization
We only collect data that is necessary to provide our services. We don’t sell your data to third parties, and we only share data with service providers who are contractually obligated to protect it.
Data Retention
We retain your data only for as long as necessary to provide our services or as required by law. When you delete your account, we remove your personal data within 30 days, except where retention is required for legal or compliance purposes.
Data Location
Your data is stored in secure data centers located in the United States and European Union. Enterprise customers can request specific data residency requirements to meet their compliance needs.
Subprocessors
We maintain a list of subprocessors who may process your data on our behalf. All subprocessors are bound by data protection agreements and are regularly reviewed for compliance with our security standards.
Application Security
We build security into our application from the ground up.
Secure Development
- Security-focused code reviews
- Automated vulnerability scanning
- Dependency monitoring and updates
- Secure coding guidelines
- Regular security training for developers
Account Security
- Two-factor authentication (2FA)
- Single sign-on (SSO) support
- Session management and timeouts
- Login attempt monitoring
- Password strength requirements
Responsible Disclosure
We appreciate the security research community’s efforts in helping us maintain a secure platform. If you discover a security vulnerability, please report it to us responsibly:
- Email us at [email protected]
- Provide detailed information about the vulnerability
- Allow us reasonable time to investigate and address the issue
- Do not access or modify other users’ data
- Do not disclose the vulnerability publicly until we’ve addressed it
We commit to acknowledging your report within 48 hours and keeping you informed of our progress.
Questions?
If you have any questions about our security practices or need additional information for your compliance requirements, please don’t hesitate to reach out:
- General inquiries: [email protected]
- DPA requests: [email protected]
- Data subject requests: [email protected]