Security Statement

Is my data secure?

General

As a software security provider, RIPS Technologies is commited to providing a highly secure and reliable software. Our SaaS platform is built on Amazon Web Services (AWS), which is compliant with a wide variety of industry-accepted security standards. Additionally, our engineers utilize proven and state-of-the-art security technologies and techniques in order to protect all systems, data, and information from unauthorized access in the best possible way.

If you have any questions or need additional information, please write to .
For encrypted email communication, you can use our PGP key.


What data is stored?

RIPS stores the following general customer data that is necessary for the purposes of its analysis service:

For each analyzed application, the following customer data is stored:

For each detected security issue, the following data is stored:

If not opted-out before a new scan, the uploaded source code files are stored in order to reference a detected security issue to its original code lines for an efficient review.
When opted-out, the source code files are not permanently stored on our servers. In this case, the code is securely transmitted and parsed by an isolated analysis instance that is deleted together with the code after the analysis completed.

RIPS Technologies does not store bank information or credit card data.


Where is my data stored?

For data storage, analysis, and backups, RIPS utilizes the preexisting Amazon AWS cloud infrastructure and therefore shares several AWS standards and accreditations. All virtualized servers are run in the EU region Frankfurt, Germany.

Among others, Amazon AWS is certified by the following security compliance standards:

Reference: Amazon Security Bulletins


Who has access to my data?


How is my data protected?

 Network Security

 Account Security

 System Security

 Secure Data Storage


Can I delete my data and what happens exactly?

When your SaaS account expires, all associated data is deleted within 60 days automatically.
Anonymized data, such as number of applications, scans, issues, files, and lines, is kept for statistics.
The following options are available to safely erase specific data from our servers at any time:

Account Delete
When you delete your account, all associated data is permanently deleted.
This includes all applications, scans, uploads, source code files, issues, reviews, and comments.

Application Delete
When you delete a specific application, all associated data of this application is permanently deleted.
This includes all scans, uploads, source code files, issues, reviews, and comments.

Scan Delete
When you delete a specific scan, all associated data of this scan is permanently deleted.
This includes all source code files, issues, reviews, and comments.

Code Delete
When you delete the code of a specific scan, all associated source code files are permanently deleted.
Code summaries of the detected security issues remain in the database at this point.