Security

How we protect the workspace and your data. PGP key and disclosure policy at the bottom.

── LAST UPDATED · 2025-04-12 · v3.2

▸ TL;DR

01 TLS everywhere. Data encrypted at rest with AWS KMS-equivalent keys.
02 SOC 2 Type II in audit. ISO 27001 next.
03 Quarterly third-party penetration tests.
04 Public bug bounty programme — payouts up to €5,000.

§ 01

Architecture

Separation between control plane, agent runtime, and customer data. Workspaces isolated at the database row level. Workers run in your own infrastructure (or in our managed VPS, scoped per Space).

§ 02

Authentication

Magic-link login by default. WebAuthn / passkey support. SSO via SAML 2.0 / OIDC for Pro plans.

§ 03

Encryption

TLS 1.3 in transit. AES-256-GCM at rest. Per-org key derivation. Secrets vaulted, never logged.

§ 04

Audit logs

Every privileged operation is logged with actor, time, and source. Retained for 90 days (Free) / 2 years (Pro).

§ 05

Disclosure

security@staff.rip · PGP fingerprint 9F4A 2C18 7B6E 3D5A · we acknowledge within 24h, fix within 30 days, credit you publicly if you want.