Security

Source Code Protection

PullApprove does not have write access to your code. Source code is read via the GitHub API and is never persisted in long-term storage.

Hosting & Reliability

PullApprove is built on well-known cloud services provided by Amazon Web Services (AWS) and Google Cloud. We strive to build scalable solutions by leveraging reliable and trusted services.

Monitoring & Backups

PullApprove is constantly monitored for errors and availability so that any issues can be fixed as soon as possible. Automated backups are made of databases that contain persisted and critical customer data.

Vulnerability Scanning & Patches

PullApprove uses GitHub Security Alerts to scan for vulnerabilities. We regularly review and apply patches to our systems using automated and manual methods.

Incident Response

In the event that PullApprove or one of its providers is compromised, and your data is put at risk, we will notify you within 72 hours.

Employee Access to Customer Data

Customer data is only accessed when responding to support requests (with your permission) or when investigating bugs or issues with the product.

The only people with access to customer data are the ones who require it to do their job.

Permissions and Authentication

We use two-factor authentication (2FA) where possible for employee access to services related to PullApprove. Access to PullApprove, and the cloud services used to run it, is only given to people who need it.

PCI Compliance

PullApprove uses Stripe for payment processing, which is certified to PCI Service Provider Level 1. You can find more information about Stripe's policies on their website.

Reporting Issues

If you have discovered a security concern, please email us at [email protected]. We appreciate your responsible disclosure of any issues you find.

Questions

If you have any questions about our security policy or practices, please email us at [email protected].