GitDailies Security and Compliance
GitDailies adheres to industry-leading security standards and best practices. We recognize that security is a cornerstone of trust and we continuously monitor, review, and enhance our security posture.
Here’s an overview of our approach:
Development
- All engineers have security-awareness training.
- Secure coding practices are strictly adhered to.
- Minimal dependencies are used, and they are continuously monitored for vulnerabilities.
- All code and build artifacts undergo automated security scanning during development and in production.
Operations
- Our systems are continuously monitored by industry-leading threat detection and compliance systems.
- We properly manage and encrypt application secrets.
- Employee access to data is strictly controlled and the “principle of least privilege” is always followed.
- All data is encrypted “at rest”, and sensitive database fields receive a second layer of encryption.
- All network communication is encrypted with TLS.
SOC2 / ISO 27001 / NIST 800-53
- GitDailies’ systems are continuously monitored by Google Cloud Platform’s Security Command Center for compliance with 19 security standards, including SOC2, ISO 27001 and NIST 800-53.
- For all standards, we achieve a compliance score between 94% and 100%. Please contact us for a detailed list of all compliance scores.
- GitDailies has not yet applied for official SOC2 certification, but we are confident that we will meet your SOC2 security requirements. Many existing GitDailies customers are SOC2 certified, and they have all examined our security posture and were happy with our approach. Please contact us with any security questionnaires or to discuss your specific needs.
User Authentication
- GitHub’s industry-leading auth systems perform all user authentication for GitDailies.
- Privileges in GitDailies map exactly to those in GitHub. If a member of your org can’t see a repo in GitHub, they won’t see that repo in GitDailies either.
GitHub Permissions
- The GitDailies app has strictly read-only access to GitHub.
- You have complete control over exactly which repositories are visible to GitDailies.
- The GitDailies app uses the minimum possible permissions.
Legal Compliance
- GitDailies is developed by Lysning Digital AS in Norway.
- Norway is a member of the European Economic Area (“EEA”), which ensures that all EU data protection and privacy laws (including GDPR) apply.
- See our Privacy Policy and Terms of Service for legal guarantees of service.
Email us or book a call to discuss your specific requirements or submit security questionnaires.