Source Code Protection
PullApprove does not have write-access to your code. Source code is read via the GitHub API, and never persisted in long-term storage.
Hosting & Reliability
PullApprove is built on well-known cloud services provided by Amazon Web Services (AWS) and Google Cloud. We strive to build scalable solutions by leveraging reliable and trusted services.
Monitoring & Backups
PullApprove is constantly monitored for errors and availability so that any issues can be fixed as soon as possible. Automated backups are made of databases that contain persisted and critical customer data.
Vulnerability Scanning & Patches
PullApprove uses GitHub Security Alerts to scan for vulnerabilities. We regularly review and apply patches to our systems using automated and manual methods.
Incident Response
In the event that PullApprove or one of its providers is compromised, and your data is put at risk, we will notify you within 72 hours.
Employee Access to Customer Data
Customer data is only accessed when responding to support requests (with your permission) or when investigating bugs or issues with the product.
The only people with access to customer data are the ones who require it to do their job.
Permissions and Authentication
We use two-factor authentication (2FA) where possible for employee access to services related to PullApprove. Access to PullApprove, and the cloud services used to run it, is only given to people who need it.
PCI Compilance
PullApprove uses Stripe for payment processing, which is certified to PCI Service Provider Level 1. You can find more information about Stripe's policies on their website.
Reporting Issues
If you have discovered a security concern, please email us at security@pullapprove.com. We appreciate your responsible disclosure of any issues you find.
Questions
If you have any questions about our security policy or practices, please email us at security@pullapprove.com.