We are hosted in SOC 2 accredited data centers. Physical security at our data centers includes 24x7 monitoring, entry requirements and multiple access checks, and access logs. The data centers are resilient against physical, infrastructural, and environmental risks.
PCI DSS Compliance
In conjunction with our credit card processor, Stripe, we follow PCI Data Security Standards. We use a hosted payment field which originates directly from Stripe's PCI DSS validated servers. We never store your credit card number or security code.
Access to our system is only permitted through secure connectivity. We grant access on a need-to-know basis following the principle of least privilege. We revoke access immediately after employee termination.
The source code of each Pull Request that we analyze is processed in an isolated container. We access it via git and the GitHub API. We only retain your source code temporarily for as long as we need to in order to analyze it. We do not write your source code to a database or other persistent storage.
Lintron maintains and regularly an information security policy. Employees must acknowledge policies on an annual basis. Our policy includes incident response guidelines including investigation, mitigation, and customer notification.
Ultimately, no system for storing and transmitting data is perfectly secure. We cannot guarantee absolute security. If we learn of a security breach, we will notify affected users and provide all necessary information for them to respond and meet their own security requirements.
Lintron has a designated Security team which focuses on application, network, infrastructure, and system security. This team ensures compliance with our policies, performs incident response, and trains Lintron employees on security practices.
We perform periodic security assessments via automated security scanning and internal penetration testing. We remediate the findings in a timely manner.
Our development team follows secure coding best practices. All changes to the software are reviewed before they are included in the software and all changes are logged by author. We use a variety of automated tools to ensure that we detect and correct security issues. We apply critical server patches and dependency upgrades on a priority basis.
Logging and Monitoring
Our systems log information to a centrally managed log server for troubleshooting and security review. We grant Lintron employees access to these logs on an as-needed basis.
You have a role to play in keeping your data safe. You must use a sufficiently strong password to protect your own data. You must also ensure that your own systems are secure.