Safety & Security

The safety of your business relies on the tools that you use. At Buddy we go the extra mile to make sure our service is secure, reliable and worthy of your trust.

Physical security

Buddy is hosted in ultra-safe Singlehop facilities with SSAE 16 and SAS 70 certifications and real-time backups to offsite servers. Our data center continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. For more information on the physical security processes, click here.

System Security

Buddy’s system installation uses a hardened, patched OS with dedicated firewall and VPN services that help block unauthorized access. We also employ industry-leading solutions to mitigate DDoS attacks.

Data exchange

All private data to and from Buddy is transmitted over SSL. All communication with the repository is done over SSH authenticated with keys, or via HTTPS using your Buddy username and password. All registered users are virtual and have no user account on our machines. The SSH credentials used to push and pull cannot be used to access a shell or the filesystem.

Payment details

If you decide to upgrade your account, we’ll ask you for the details of your credit card or PayPal account. We do not store this information on our servers: we use Braintree, an external provider owned by PayPal and used by companies like Uber, GitHub and Airbnb. All servers are PCI compliant and monitored for security by SecurityMetrics.

Passwords and Credentials

Passwords in Buddy are salted and hashed by one-way encryption scripts. We do not store user passwords. Passwords and access keys used in delivery actions (FTP details, SSH, Amazon Access Keys, etc.) are salted and encrypted with two-way encryption scripts and kept in this form in the database.

Buddy employee policy

Our employees never access private repositories unless required for support reasons and approved with your consent. We can view your code as the compressed Git database, never as plaintext files like in a local clone. On rare occasions, at your explicit request, we may need to pull a clone of your code; however, this will only be done upon your approval.

Backup and Maintenance

All data is backed up in real time to local and offsite servers. Backup data is permanently removed 3 weeks after the workspace cancellation. System maintenance is scheduled for every Tuesday at 07:30 AM GMT and takes up to 5 minutes, unless stated otherwise on our Twitter channel. In case of large updates you will be notified in advance via email.

Service Level Agreement

We guarantee that your Buddy repository will be available through your assigned subdomain 100% of the time in a given month, excluding scheduled weekly maintenance. We also guarantee that you will be able to access and commit to your repository 100% of the time in the month. If an outage occurs, we will issue a credit to your next bill for 5% of your monthly fee for every 30-minute period of downtime, up to 100% of your fee for the month.

Vulnerability reports

If you have found a security vulnerability, please contact us at support@buddy.works. All efforts that help us improve the security of the service will be rewarded with free workspaces and discounts. Thanks in advance!

Questions?

If you have any more questions regarding the safety and security of our service, drop a word to support@buddy.works and we'll get back in a snap.