Security

Security is fundamental to everything we build. Here's how we protect your data.

Security First

BuildrFlags is designed with security at its core. We use industry-leading practices and undergo regular security assessments to ensure your feature flags and data are protected.

Infrastructure Security

  • AWS Infrastructure: Hosted on AWS with SOC 2 Type II, ISO 27001, and other certifications
  • Network Security: VPC isolation, WAF protection, DDoS mitigation via CloudFront
  • High Availability: Multi-AZ deployment with 99.9% uptime SLA

Data Protection

  • Encryption in Transit: TLS 1.3 for all API and web traffic
  • Encryption at Rest: AES-256 encryption for all stored data
  • API Key Security: Keys stored as SHA-256 hashes, never in plaintext
  • Data Isolation: Strict tenant isolation with workspace-level access controls

Access Control

  • Authentication: AWS Cognito with secure password policies and optional MFA
  • Role-Based Access: Granular permissions (Owner, Admin, Member, Viewer)
  • SSO/SAML: Enterprise SSO integration available (Enterprise plan)
  • Audit Logging: Complete audit trail of all changes with user attribution

Operational Security

  • Secure Development: Code review, automated security testing in CI/CD
  • Dependency Scanning: Automated vulnerability scanning for dependencies
  • Incident Response: 24/7 monitoring with defined incident response procedures

Responsible Disclosure

We appreciate the security research community's efforts to help keep BuildrFlags secure. If you discover a security vulnerability, please report it responsibly.

  • Email security issues to security@buildrflags.com
  • Include detailed steps to reproduce the issue
  • Allow reasonable time for us to investigate and fix
  • Do not access or modify other users' data

We commit to acknowledging reports within 48 hours and keeping you informed of our progress.

Security Contact

For security questions or to request our security documentation, contact us at security@buildrflags.com.