As a software security provider, RIPS Technologies is commited to providing a highly secure and reliable software. Our SaaS platform is built on Amazon Web Services (AWS), which is compliant with a wide variety of industry-accepted security standards. Additionally, our engineers utilize proven and state-of-the-art security technologies and techniques in order to protect all systems, data, and information from unauthorized access in the best possible way.
If you have any questions or need additional information, please write to security_(a)_ripstech.com.
For encrypted email communication, you can use our PGP key.
RIPS stores the following general customer data that is necessary for the purposes of its analysis service:
For each analyzed application, the following customer data is stored:
For each detected security issue, the following data is stored:
If not opted-out before a new scan, the uploaded source code files are stored in order to reference a detected security issue to its original code lines for an efficient review.
When opted-out, the source code files are not permanently stored on our servers. In this case, the code is securely transmitted and parsed by an isolated analysis instance that is deleted together with the code after the analysis completed.
RIPS Technologies does not store bank information or credit card data.
For data storage, analysis, and backups, RIPS utilizes the preexisting Amazon AWS cloud infrastructure and therefore shares several AWS standards and accreditations. All virtualized servers are run in the EU region Frankfurt, Germany.
Among others, Amazon AWS is certified by the following security compliance standards:
Reference: Amazon Security Bulletins
Secure Data Storage
When your SaaS account expires, all associated data is deleted within 30 days automatically.
Anonymized data, such as number of applications, scans, issues, files, and lines, is kept for statistics.
The following options are available to safely erase specific data from our servers at any time:
When you delete your account, all associated data is permanently deleted.
This includes all applications, scans, source code files, issues, reviews, and comments.
When you delete a specific application, all associated data of this application is permanently deleted.
This includes all scans, source code files, issues, reviews, and comments.
When you delete a specific scan, all associated data of this scan is permanently deleted.
This includes all source code files, issues, reviews, and comments.
When you delete a specific issue, all associated data of this issue is permanently deleted.
This includes the code summary, reconstructed markup strings, reviews, and comments.
No source code files are deleted at this point.
When you delete the code of a specific scan, all associated source code files are permanently deleted.
Code summaries of the detected security issues remain in the database at this point.