From product architecture, to legal compliance, to privacy protection, we take security very seriously to remain worthy of thousands of developers who trust us with their API lifecycles.
TLS certificate to encrypt data in transit, free on every plan.
We encrypt all data at rest with the highest security standard.
Redocly’s cloud application Workflows features highly customizable access policies to fit your exact security requirements.
SAML2 or OpenID connect with domain verification.
Roles & permissions
Give project-level permissions to groups of people.
Map users to relevant teams based on their IdP attributes.
Rich event logging to track how users updated projects over time.
Redocly conducts internal and external (3rd party) penetration testing at least annually.
We scan our code and dependencies daily with AWS Elastic Container Registry. Critical issues are resolved in under one week.
Background checks, security awareness training, access levels following the principle of least privilege.
Continuous monitoring of containers using AWS ECR, and agents for continuous monitoring of our devices.
Redocly has completed the System and Organization Controls (SOC) 2, Type II audit. Log in to download this and other reports.
As an API documentation provider, we have stewardship over one of the most crucial assets in today’s economy. We are fierce in making sure that every code sample, dox_page.md and asset you create belongs to you, and take responsibility to protect yours and your users’ data. You can access all our compliance reports in your Redocly dashboard.PRIVACY NOTICE →ACCESS ALL REPORTS →
Completed the CAIQ version 4 questionnaire and certified under the Cloud Security Alliance’s (CSA) STAR program for cybersecurity.VIEW THE LISTING →
We offer a Data Processing Addendum (DPA) that enables you to comply with GDPR, CCPA and other privacy regulations.Data Processing Addendum →
We ensure each of our providers adheres to our standards of privacy and security, and inspect their compliance records annually. Please refer to our full list of sub-processors for an up to date list.SUB-PROCESSORS WE USE →
We take aggressive measures to ensure business continuity for us and our customers, with frequent backups and fast disaster recovery, both tested regularly. All traffic is protected by web application firewall (WAF) and we keep our status up to date at status.redocly.com.
Last tested: July 19, 2023