As a software security provider, RIPS Technologies is committed to providing highly secure and reliable software. Our SaaS platform is built on Amazon Web Services (AWS), which is compliant with a wide variety of industry-accepted security standards. Additionally, our engineers use proven, state-of-the-art security technologies and techniques to protect all systems, data, and information from unauthorized access in the best possible way.
If you have any questions or need additional information, please write to
For encrypted email communication, you can use our PGP key.
What data is stored?
RIPS stores the following general data that is necessary for the purposes of its analysis service:
- Account name
- First and last name
- License terms
- Email address
- Custom analysis settings
- Custom user privileges
For each analyzed application, the following customer data is stored:
- User-supplied application name, version, and tags
- Custom analysis settings
- Analysis timestamps
- Number of issues, files, functions, and lines of code
- Names and line numbers of files and functions
- Uploads and source code (optional)
For each detected security issue, the following data is stored:
- Vulnerability type
- Minimum set of affected code lines (code summary)
- Reconstructed markup strings
- Reviews and comments
By default, the uploaded source code files are stored so that a detected security issue can be linked to its original code lines, which allows efficient review and full use of the RIPS features.
When opted out, the source code files are not permanently stored on our servers. In this case, the code is securely transmitted and parsed by an isolated analysis instance that is deleted together with the code after the analysis has completed.
RIPS Technologies does not store bank information or credit card data.
Where is my data stored?
For data storage, analysis, and backups, RIPS utilizes the preexisting Amazon AWS cloud infrastructure and therefore shares several AWS standards and accreditations. All virtualized servers are run in the EU region Frankfurt, Germany.
Among others, Amazon AWS is certified by the following security compliance standards:
Reference: Amazon Security Bulletins
Who has access to my data?
- RIPS Technologies does not share customer data with third parties.
- Administrative access to customer data is restricted to a small number of closely managed RIPS Technologies administrators.
- Access to production systems and data follows the security standard of Least Privilege.
- For debugging purposes, access to the affected code lines of an issue can be granted in agreement with the respective customer.
How is my data protected?
- All traffic from and to our service is encrypted using the SSL/TLS protocol.
- We enforce the use of strong TLS cipher suites.
- Data within our infrastructure is transmitted via encrypted VPNs.
- All systems are firewalled to a minimal number of access points.
- Only the account owner can access their separated account data, using their private password.
- We enforce a strong password policy.
- Passwords are stored hashed and salted (bcrypt).
- Access to an account is logged, tracked, and audited.
- Brute-force attempts are automatically prevented.
- Multi-Factor Authentication (TOTP) can be enabled.
- Email notifications for events such as new users or scans can be enabled.
- All operating systems are maintained according to best practices in the industry.
- All recommended patch levels are applied.
- Unnecessary users, services, and components are disabled.
- All systems are constantly monitored.
Secure Data Storage
- Data is stored on a virtualized server on Amazon AWS.
- Source code is stored encrypted using AES-256.
- Code analysis is performed with an isolated and virtual instance that is destroyed after analysis.
- Database backups are stored and transmitted encrypted at all times.
Can I delete my data and what happens exactly?
When your SaaS account expires, all associated data is automatically deleted within 60 days.
Anonymized data, such as the number of applications, scans, issues, files, and lines, is kept for statistics.
The following options are available to safely erase specific data from our servers at any time:
- When you delete your account, all associated data is permanently deleted. This includes all applications, scans, uploads, source code files, issues, reviews, and comments.
- When you delete a specific application, all associated data of this application is permanently deleted. This includes all scans, uploads, source code files, issues, reviews, and comments.
- When you delete a specific scan, all associated data of this scan is permanently deleted. This includes all source code files, issues, reviews, and comments.
- When you delete the code of a specific scan, all associated source code files are permanently deleted. Code summaries of the detected security issues remain in the database at this point.