This Security Policy outlines the measures we take to protect you and your stakeholders when you use webapp.io (the “Website”).
webapp.io's core goal is to give our users a systematic way to evaluate the quality of their code. To pass security audits (such as SOC 2 Type II), you can use webapp.io as a core system to ensure systems and performance are consistent.
By leveraging our industry-leading caching system, you can populate a database with an anonymized dump of production data in seconds at the beginning of your webapp.io builds. This allows you to ensure that proposed changes will maintain data integrity and pass any necessary security gates.
We store certain Personally Identifiable Information when you register for webapp.io. This information consists of:
We do not store any passwords or password hashes. Authentication is done entirely through third party providers when you log in.
We do not store any payment card information. Our payments are processed by Stripe, a PCI-compliant payment processor.
From the point that you install webapp.io to the point that you uninstall it, we may store a locally cached copy of any repositories for which you request that we start CI runs.
This local copy is only accessible by authorized employees of webapp.io and our hosting provider.
webapp.io allows you to store secret values in a special section of the run dashboard and expose them with the SECRET ENV directive.
These secrets are encrypted at rest with military-grade AES256. They are only accessible by administrators of your webapp.io account and authorized employees of webapp.io.
Staging servers exposed through EXPOSE WEBSITE can be exposed to the internet if they are not marked as "private." It's your prerogative to ensure that no sensitive data is exposed inadvertently by posting a link to the staging server, or creating a route to a staging server that is publicly accessible.
To maximize security, we recommend not putting any sensitive information on any server exposed by
Only authorized employees of webapp.io are given access to our production servers. These employees are senior engineering leaders and executives of webapp.io, who have been thoroughly vetted.
webapp.io allows organizations to configure Role-Based Access Control (RBAC) for their users. A full list of the permissions available to administrators and their functionalities can be viewed in our documentation.