Our actions show how seriously we take security
Overview
Our team has a history of working with extremely sensitive data, in-depth security knowledge and has built extremely secure systems. We’ve used all of this expertise to build and design AnalyticsVerse to be a robust and secure service. Our security program includes securing all fronts of processes, people, and application security.
AnalyticsVerse service is distributed across multiple AWS data centers to ensure high availability and quick restoration in case of failures.
Highest security standards
Audits and Certifications
As part of our security program, AnalyticsVerse goes through internal and external audits frequently. AnalyticsVerse also commits itself to ensure high application security by undergoing regular third-party VAPT (Vulnerability and penetration testing) testing. We are also an ISO 27001 certified organization and have all our security policies and processes in place in line with the gold standard in information security. View our certificate here.
All data at rest and in motion is encrypted
Data Encryption
All data that is stored and processed within AnalyticsVerse is encrypted at rest and in motion. AnalyticsVerse employs AWS best practices to ensure the database is secured and only accessible within the VPC and strict firewall settings are in place. State-of-the-art cryptographic algorithms are used to ensure the safety of your data.
Temporary access to your .git folder
Secure data handling and Destruction
AnalyticsVerse will pull the metadata of your repositories (.git folder) in a safe and per tenant containerized environment. Once the processing is done, the data is deleted and the infrastructure used to compute is also destroyed. AnalyticsVerse never stores your code in our ecosystem, however, we do store the analytics on top of it to provide the solution via our platform.
Read-only token stored securely with zero human access
Access tokens and Employee access points
We do understand the importance of the access tokens and what value that random string has, we never store it in any plaintext form in our database. We make use of AWS services specially designed to store secure tokens in a special and hardened environment. All tokens are under the user's control and can be revoked at any point in time.
No one within AnalyticsVerse has access to your codebase. We however on a need-to-know basis will grant access to our production environments to our employees to ensure a functional and correct platform.
Secured using oAuth 2.0 protocol and RBAC across the platform
User Authentication and Authorization
To enhance the security posture of our services, AnalyticsVerse makes use of a third-party identity provider to manage authentication. We make use of the oAuth 2.0 protocol to ensure only the authenticated users have access to our services. AnalyticsVerse platform also provides a way for role-based access control of our platform, meaning you can add users with different roles and permissions on the platform and we will manage the authorization. You can also create your own roles and define the access level that a user can have on our platform.
"A grade" security headers with frequent checks using tools like OWASP ZAP suite
Use of Security headers and Open source tools
All requests from the Internet to servers of AnalyticsVerse are encrypted using SSL. To protect AnalyticsVerse services from various attacks we make use of Security Headers. You can check out our current grade here. AnalyticsVerse development practices also involve timely use of open source tools like OWASP ZAP suite to simulate attacks and find vulnerabilities within our applications.
All payment information processed and stored by Stripe
Payment Information
We use third-party service Stripe for processing and storing payment information. From a security point of view Stripe is responsible for storing and securing payment-related information on AnalyticsVerse. Stripe is a PCI Level 1 Service Provider which is responsible for storing Payment Information. Stripe is also SOC 2 Type 2, SOC 2 Type 1, SOC 1 Type 1, and SOC 1 Type 1 certified.
No, we do not store your codebase in our ecosystem, we access your .git folders temporarily to process and store the analytics and insights within our ecosystem.
We have containerized and per customer computations that run in the background on infrastructure that gets destroyed as soon as the computations are complete. Thus even if you experience a multi-tenant cloud system, the underlying infrastructure that accesses your data and processes it runs separately.
Yes, when you authorize AnalyticsVerse to your organization on Jira or your repository provider we do ask for specific read-only rights that we need to process your information. Also after granting access you can always revoke the access either using the AnalyticsVerse platform or even using your repository provider / Jira’s platform.
No, when you integrate your organization with AnalyticsVerse, we do not start processing your data then, you need to create projects (set of repositories and Jira boards) after which we will access the selected repositories and Jira boards and and start processing that information.
Yes, you can delete your authentication tokens using our platform’s “Integrations” section or even revoke the tokens from your Git provider / Jira account settings.
No, we do not share or sell any of your repository analytics or metadata to any third-party organization.
Yes, all data stored including backups within AnalyticsVerse are encrypted.
We are an ISO 27001 certified organization thus we have all the policies and procedures in place that this standard demands, which include but are not limited to access control, human security, password, media handling, acceptable usage, cryptographic, data protection, and secure development policies.
We Integrate with the tools you rely on
Trusted by 400+ high performing engineering teams
