Safety & Security

The safety of your business relies on the tools you use. In Buddy, we go an extra mile to ensure our Service is worth your trust.

Contact our security expert

Security at Buddy

  • SOC2

    Security confirmed by SOC2 Type II certification.

  • PCI

    Full compliance with PCI Data Security Standards.

  • GDPR

    Full compliance with EU General Data Protection Regulation.

  • Server Location Regions

    Choose between US and European servers, or host code on your own infrastructure.

  • SSO/SAML

    Sign in to your workspace with any SAML-compliant identity provider.

  • Automated backups

    Real-time backups to AWS infrastructure in diversified regions.

  • IP Filtering

    Restrict workspace access to a pool of selected IP addresses.

  • Advanced RBAC

    Authorize with tokens or role assumption. Granulate permissions to projects and pipelines. Define scope of integrations.

  • DDoS mitigation

    Hardened OS with dedicated firewall and VPN services help mitigate unauthorized access.

Trusted by 10,000+ developers

  • rakuten
  • Costa
  • Sonar Source
  • Docplanner
  • CGI
  • Six Flags
  • Spryker
  • Barstool Sports
  • Kinsta
  • AutoFi
  • Saudi TourisAuthority
  • Seequent
  • Campaign Monitor
  • rakuten
  • Costa
  • Sonar Source

Physical security

Buddy is hosted in secure-by-design Amazon Web Services facilities that continually manage risk and undergo recurring assessments to ensure compliance with industry standards. This includes independent policies for physical access, monitoring & logging, surveillance & detection, device management, operational support systems, infrastructure maintenance, and governance & risk.

System Security

Buddy’s system installation is using a hardened, patched OS with dedicated firewall and VPN services that help block unauthorized access. We also employ industry-leading solutions to mitigate DDoS attacks. Our servers are under constant surveillance by SecurityMetrics with security audits performed every quarter in accordance to AWS Security Audit Guidelines.

Penetration testing

Buddy undergoes third party penetration tests each time a new major functionality is being released. Moreover, a thorough penetration tests are carried out at least once a year as per Soc 2 Type 2 criteria.

Data exchange

All private data to and from Buddy is transmitted over SSL. All communication with the repository is done over SSH authenticated with keys, or via HTTPS using your Buddy username and password. All registered users are virtual and have no user account on our machines. The SSH credentials used to push and pull cannot be used to access a shell or the filesystem.

Payment details

If you decide to upgrade your account, we’ll ask you for the details of your credit card or PayPal account. We do not store this information on our servers: we are using Braintree, an external provider owned by PayPal used by companies like Uber, GitHub and Airbnb. All servers are PCI Compliant and monitored by SecurityMetrics in regards to security.

Passwords and Credentials

Passwords in Buddy are salted and hashed by one-direction encryption scripts. We do not store user passwords. Passwords and access keys used in delivery actions (FTP details, SSH, Amazon Access Keys, etc.) are salted and encrypted with two-direction encryption scripts and kept in this form in the database.

Buddy employee policy

Our employees never access private repositories unless required for support reasons and approved with your consent. We can view your code as a compressed Git database, but never as plaintext files like in a local clone. On rare occasions, at your explicit request, we may need to pull a clone of your code; however, this will only be done upon your approval. All cloned repositories are deleted as soon as the support issue has been resolved.

The employee policy applies to all type of private data stored in Buddy, such as server authentication details, authentication data with third-party integrations, or personal user information. All data is stored in encrypted form and can only be accessed by our team for security or maintenance, or for support reasons, on your explicit permission.

All Buddy personnel is trained towards security compliance and subject to privacy agreements. New employees follow a structured onboarding process to get familiar with tools, processes, systems, policies, and procedures. Compliance audits are performed so that employees understand and follow the established policies.

Backup and Maintenance

System maintenance is scheduled for every Tuesday at 06.00AM GMT and takes up to 5 minutes unless stated otherwise on our Twitter channel. In case of large updates you will be notified in advance via email.

All data is backed up in real-time to AWS infrastructure in diversified AWS regions. Buddy employees have no access to stored data unless given explicit permission to solve a support request. Backup data is permanently removed after 3 weeks since the workspace cancellation.

Service Level Agreement

We guarantee that your Buddy repository will be available through your assigned subdomain 100% of the time in a given month, excluding scheduled weekly maintenance. We also guarantee that you will be able to access and commit to your repository 100% of the time in the month. If an outage occurs, we will issue a credit to your next bill for 5% of your monthly fee for every 30-minute period of downtime - up to 100% of your fee for the month.

Buddy Enterprise

Buddy Enterprise is the on-premises version of Buddy. It operates on your infrastructure, which means it is governed by your existing information security controls: from firewalls and VPNs, to identity and access management and monitoring systems. You can read about Buddy Enterprise security here.

Questions?

If you have any questions regarding the safety and security of our Service, drop a word to support@buddy.works and we’ll get back in a snap.