From product architecture, to legal compliance, to privacy protection, we take security very seriously to remain worthy of thousands of developers who trust us with their API lifecycles.
TLS certificate to encrypt data in transit, free on every plan.
We encrypt all data at rest with the highest security standard.
Redocly’s cloud application Workflows features highly customizable access policies to fit your exact security requirements.
SAML2 or OpenID connect with domain verification.READ THE DOCS →
Give project-level permissions to groups of people.READ THE DOCS →
Map users to relevant teams based on their IdP attributes.READ THE DOCS →
Rich event logging to track how users updated projects over time.
Redocly conducts internal and external (3rd party) penetration testing at least annually.
We scan our code and dependencies daily with AWS Elastic Container Registry. Critical issues are resolved in under one week.
Background checks, security awareness training, access levels following the principle of least privilege.
Continuous monitoring of containers using AWS ECR, and agents for continuous monitoring of our devices.
As an API documentation provider, we have stewardship over one of the most crucial assets in today’s economy. We are fierce in making sure that every code sample, dox_page.md and asset you create belongs to you, and take responsibility to protect yours and your users’ data. You can access all our compliance reports in your Redocly dashboard.PRIVACY NOTICE →ACCESS ALL REPORTS →
We ensure each of our providers adheres to our standards of privacy and security, and inspect their compliance records annually. Please refer to our full list of sub-processors for an up to date list.SUB-PROCESSORS WE USE →
We take aggressive measures to ensure business continuity for us and our customers, with frequent backups and fast disaster recovery, both tested regularly. All traffic is protected by web application firewall (WAF) and we keep our status up to date at status.redocly.com.