Keeping you safe

Security At SafeStack

At SafeStack, we practice what we preach. We have an in-depth security program and we’re dedicated to continually improving it.

Protecting people, data and systems is our business

We teach organizations worldwide how to build secure software. It makes sense then that we practice what we preach. Security is built into all of our practices at SafeStack and we are happy to answer questions should you have them.

Everyone has something to learn and a role to play

The entire SafeStack team are trained on security best practices and share responsibility for maintaining our controls.

Security is never finished

Security is a fast moving area and there are always new threats to consider. We adapt and improve our practices frequently to respond.

The SafeStack team are sitting on a giant shield representing the SafeStack appsec training platform next to the logos of major SSO providers such as Azure AD, Google Workspaces and Okta.

Want to know more?

If you are thinking about using our platform in your organization, you may have questions about our security practices. We get it. To make your life a little easier, here are some answers to common security questions.

We collect the following personally identifiable information for authentication and user identification purposes.

This information is stored securely and shared responsibly with third parties only on a need-to-know basis, to provide application functionality.

Full name
Email address
Company name
Credit card information (if applicable)
IP address

SafeStack doesn’t store any password-related information.

We trust industry experts at Auth0 to store all authentication and authorization-related information for us. This means authentication itself is driven by our integration with Auth0.

A small subset of SafeStack’s team has access to the products and to customer data via controlled interfaces.

The intent of this access is to provide effective customer support, troubleshoot potential problems, detect and respond to security incidents, and implement data security.

All application data stored with SafeStack is encrypted at rest using the industry-standard AES-256 encryption algorithm on the database server(s).

In addition, all network communication uses a minimum TLS version 1.2 for encrypting data in transit.

The SafeStack platform was designed from the ground up to be a secure, multi-tenant, SaaS application. Platform design ensures there is a sufficient level of isolation between tenants, organizations within tenants, and groups within organizations.

Our role-based access control policies ensure that only users with specific roles are allowed to perform specific operations in the application. These roles and their corresponding allowed actions are well documented.

SafeStack uses Amazon Web Services (AWS) as its cloud service provider and leverages AWS’ security and compliance controls for data center physical security and cloud infrastructure.

You can find further resources for this service provider on the AWS Security Cloud website.

The SafeStack platform is continuously monitored to detect performance trends, connectivity issues, downtime, availability, errors as well and many other operational matters.

Our engineering team is alerted about high-priority issues within seconds of them occurring, so they can be investigated as quickly as possible.

SafeStack uses a centralized log management solution to capture various application-level logs, including backend and browser logs.

Logging is used extensively for troubleshooting, alerting and support purposes. All application logs have a retention period of 15 days, at which point they’re automatically and permanently deleted.

All activity in our AWS environment(s), either automated or by SafeStack personnel, is logged using AWS CloudTrail for verification purposes.

SafeStack regularly undergoes an external penetration test by an independent third party.

We appreciate any effort to find and coordinate the disclosure of security vulnerabilities. While we don’t currently have a bug bounty program or offer monetary rewards for vulnerability reports, we may provide swag or other acknowledgment or recognition in product updates.

If you’d like to report a vulnerability or you have security concerns about any SafeStack systems, please email

We back up all critical customer data automatically, continuously, and before any major releases. We also retain backups for many weeks and can perform point-in-time recovery. To ensure reliable and secure backups, we leverage the backup and restore features provided by AWS RDS.

We’re well versed with common disaster recovery scenarios and have plans in place to perform recovery drills for various types of disasters.

You can rely on our team’s collective experience to deal with disaster situations. In turn, we can rely on our well-established and constantly improving DevOps practices to keep downtime to a minimum and ensure our learners always have access to what they need in our platform.