Security
How we protect your data
Our commitment
Security is fundamental to RepoSprint. Your sprint data, time entries, and team information are protected with industry-leading security practices.
Infrastructure Security
Encryption
All data is encrypted in transit using TLS 1.3 and at rest using AES-256.
Secure Hosting
We use enterprise-grade cloud infrastructure with SOC 2 Type II compliance.
Network Security
Firewalls, intrusion detection, and DDoS protection safeguard our infrastructure.
Backups
Automated daily backups with point-in-time recovery capabilities.
Application Security
- GitHub OAuth
We never store your GitHub password. Authentication is handled securely through GitHub OAuth.
- Minimal Permissions
We request only the GitHub permissions necessary to provide our service.
- Session Management
Secure session handling with automatic expiration and the ability to revoke sessions.
- Input Validation
All user inputs are validated and sanitized to prevent injection attacks.
Operational Security
- Access Control
Principle of least privilege for all team members. Access to production systems is strictly controlled.
- Monitoring
24/7 monitoring of our systems with alerts for suspicious activity.
- Incident Response
Documented incident response procedures to handle security events quickly.
Enterprise Security
Enterprise customers receive additional security features:
- SSO/SAML integration
- Audit logs for all user actions
- Custom data retention policies
- Dedicated security reviews
- SLA with uptime guarantees
Responsible Disclosure
We appreciate security researchers who help keep RepoSprint safe. If you discover a vulnerability, please report it responsibly to:
Email: security@reposprint.com
Questions?
For security-related questions, contact us at security@reposprint.com.