Security at SafeStack

At SafeStack, we practice what we preach. We have an in-depth security program and we're dedicated to continually improving it.

Protecting people, data and systems is our business


We teach organizations worldwide how to build secure software. It makes sense then that we practice what we preach. Security is built into all of our practices at SafeStack and we are happy to answer questions should you have them.

  • Everyone has something to learn and a role to play

    The entire SafeStack team are trained on security best practices and share responsibility for maintaining our controls.

  • Security is never finished

    Security is a fast-moving area and there are always new threats to consider. We adapt and improve our practices frequently to respond.

Learning paths with 100% completion

Want to know more?

If you are thinking about using our platform in your organization, you may have questions about our security practices. We get it. To make your life a little easier, here are some answers to common security questions.

  • We collect the following personally identifiable information for authentication and user identification purposes.

    This information is stored securely and shared responsibly with third parties only on a need-to-know basis, to provide application functionality:

      • Full name
      • Email address
      • Company name
      • Credit card information (if applicable)
      • IP address

  • SafeStack doesn’t store any password-related information.

    We trust the industry experts at Auth0 to store all authentication and authorization-related information. This means authentication itself is handled through our integration with Auth0.

  • A small subset of SafeStack’s team has access to the products and customer data via controlled interfaces.

    This access is intended to provide practical customer support, troubleshoot potential problems, detect and respond to security incidents, and implement data security.

  • All application data stored with SafeStack is encrypted at rest using the industry-standard AES-256 encryption algorithm on the database server(s).

    In addition, all network communication uses a minimum of TLS version 1.2 for encrypting data in transit.

  • The SafeStack platform was designed from the ground up to be a secure, multi-tenant SaaS application. Platform design ensures a sufficient level of isolation between tenants, organizations within tenants, and groups within organizations.

    Our role-based access control policies ensure that only users with specific roles can perform specific operations in the application. These roles and their corresponding allowed actions are well documented.

  • SafeStack uses Amazon Web Services (AWS) as its cloud service provider and leverages AWS’ security and compliance controls for data center physical security and cloud infrastructure.

    You can find further resources for this service provider on the AWS Security Cloud website.

  • The SafeStack platform is continuously monitored to detect performance trends, connectivity issues, downtime, availability, errors, as well as many other operational matters.

    Our engineering team is alerted about high-priority issues within seconds of their occurrence so they can be investigated as quickly as possible.

  • SafeStack uses a centralized log management solution to capture various application-level logs, including backend and browser logs.

    Logging is used extensively for troubleshooting, alerting, and support purposes. All application logs have a retention period of 15 days, at which point they’re automatically and permanently deleted.

    All activity in our AWS environment(s), either automated or by SafeStack personnel, is logged using AWS CloudTrail for verification purposes.

  • SafeStack regularly undergoes an external penetration test by an independent third party.

  • We appreciate any effort to find and coordinate the disclosure of security vulnerabilities. While we don’t have a bug bounty program or offer monetary rewards for vulnerability reports, we may provide swag or other acknowledgment or recognition in product updates.

    If you’d like to report a vulnerability or you have security concerns about any SafeStack systems, please email security@safestack.io

  • We back up all critical customer data automatically and continuously before significant releases. We also retain backups for many weeks and can perform point-in-time recovery. We leverage the backup and restore features provided by AWS RDS to ensure reliable and secure backups.

  • We’re well-versed in common disaster recovery scenarios and have plans to perform recovery drills for various types of disasters.

    You can rely on our team’s collective experience to deal with disaster situations. In turn, we can rely on our well-established and constantly improving DevOps practices to keep downtime to a minimum and ensure our learners always have access to what they need in our platform.