GitDailies Security and Compliance
GitDailies adheres to industry-leading security standards and best practices. We recognize that security is a cornerstone of trust and we continuously monitor, review, and enhance our security posture.
Here’s an overview of our approach:
Development
- All engineers have security-awareness training.
- Secure coding practices are strictly adhered to.
- Minimal dependencies are used, and they are continuously monitored for vulnerabilities.
- All code and build artifacts undergo automated security scanning during development and in production.
Operations
- Our systems are continuously monitored by industry-leading threat detection and compliance systems.
- Application secrets are properly managed and encrypted.
- Employee access to data is strictly controlled and the “principle of least privilege” is always followed.
- All data is encrypted “at rest”, and sensitive database fields receive a second layer of encryption.
- All network communication is encrypted with TLS.
SOC2 / ISO 27001 / NIST 800-53
- GitDailies’ systems are continuously monitored by Google Cloud Platform’s Security Command Center for compliance with 19 security standards, including SOC2, ISO 27001 and NIST 800-53.
- For all 19 monitored standards, Security Command Center gives the GitDailies service a perfect 100% compliance score.
- Please contact us with any security questionnaires or to discuss your specific needs.
User Authentication
- GitHub’s industry-leading auth systems perform all user authentication for GitDailies.
- Privileges in GitDailies map exactly to those in GitHub. If a member of your org can’t see a repo in GitHub, they won’t see that repo in GitDailies either.
GitHub Permissions
- The GitDailies app has strictly read-only access to GitHub.
- You have complete control over exactly which repositories are visible to GitDailies.
- The GitDailies app uses the minimum possible permissions.
Legal Compliance
- GitDailies is developed by Lysning Digital AS in Norway.
- Norway is a member of the European Economic Area (“EEA”), which ensures that all EU data protection and privacy laws (including GDPR) apply.
- See our Privacy Policy and Terms of Service for legal guarantees of service.
Email us or book a call to discuss your specific requirements or submit security questionnaires.