Is data encrypted in transit?
Yes. By default, communication between customers and Airbrake is sent securely over TLS.
Airbrake currently supports TLS protocol versions 1.2 and 1.3.
Support for TLSv1.0 and TLSv1.1 was deprecated on June 30, 2018.
Is data encrypted at rest?
All Airbrake customer data is stored encrypted at rest. This includes backups.
Where is Airbrake hosted?
Airbrake is hosted on Amazon Web Services in facilities which maintain various levels of compliance, certifications and assurance. More information can be found on the AWS security pages or requested from AWS.
Does Airbrake have two-factor authentication?
Yes! This feature is available on all current plans. It can be enabled on your profile page. For more info on how to set up two-factor authentication, please visit the two-factor authentication doc.
Airbrake also supports two-factor authentication as part of the GitHub single sign-on feature. By enabling two-factor authentication on your GitHub profile, you help secure your Airbrake account with an extra layer of security.
Does Airbrake maintain any certifications, attestation, or compliance?
Airbrake has certified its compliance with the EU-U.S. and Swiss-U.S. Privacy Shield as set forth by the U.S. Department of Commerce.
Airbrake also maintains GDPR compliance. For our EU customers, we offer a Data Protection Addendum available here.
To fulfill our part of the shared responsibility model for cloud services, Airbrake has completed a SOC 2 Type 2 audit under the Security Trust Principle.
What about PCI DSS?
Airbrake’s payment and card information is handled by Stripe, a certified PCI Level 1 Service Provider. Stripe has been audited by an independent PCI Qualified Security Assessor (QSA) and is certified PCI DSS compliant.
When accepting payments, Airbrake does so in a PCI-compliant manner. Our PCI SAQ is available by contacting support.
Vulnerability or security disclosure
If you would like to report a vulnerability or security issue, or have other security-related concerns about an Airbrake product, please contact email@example.com.
If you are disclosing a vulnerability, please do so responsibly and provide:
- a summary of the vulnerability
- a proof of concept
- a list of tools used
- the output from the tools used
- the commands used to execute the tools
Please note that Airbrake DOES NOT maintain a bug bounty program. Airbrake also DOES NOT pay for unsolicited disclosures.