Security

Is data encrypted in transit?

Communication between customers and Airbrake is by default sent securely via TLS.

Airbrake currently supports TLS protocols v1.0, v1.1 and v1.2 with a planned deprecation for TLSv1.0 and TLSv1.1 on June 30, 2018.

Is data encrypted at rest?

All Airbrake customer data is stored encrypted at rest. This includes backups.

Where is Airbrake hosted?

Airbrake is hosted on Amazon Web Services in facilities which maintain various levels of compliance, certifications and assurance. More information can be found on the AWS security pages or requested from AWS.

Does Airbrake have two-factor authentication?

For paid plans, Airbrake integrates with GitHub to provide 2FA. By enabling 2FA on your GitHub organization, you help secure your Airbrake account with 2FA.

Does Airbrake maintain any certifications, attestation, or compliance?

Airbrake has certified its compliance with the EU-U.S. and Swiss-U.S. Privacy Shield as set forth by the U.S. Department of Commerce.

Airbrake also maintains GDPR compliance. For our EU customers, we offer a Data Protection Addendum, available by contacting privacy@airbrake.io.

Airbrake is currently preparing for a SOC 2 Type 2 Audit.

What about PCI DSS?

Airbrake’s payment and card information is handled by Stripe, a certified PCI Level 1 Service Provider. Stripe has been audited by an independent PCI Qualified Security Assessor (QSA) and is certified PCI DSS compliant.

When accepting payments, Airbrake does so in a PCI-compliant manner. Our PCI SAQ is available by contacting support.

Vulnerability or security disclosure

If you would like to report a vulnerability or security issue, or have other security-related concerns about an Airbrake product, please contact security@airbrake.io.

If you are disclosing a vulnerability, please provide:

  • a summary of the vulnerability
  • a proof of concept
  • a list of tools used
  • the output from the tools used
  • the commands used to execute the tools