This document provides details about our security practices and policies. You will find detailed information about the measures we have implemented to ensure the safety and privacy of your data.
Secure infrastructure
- RelativeCI services run on Google Cloud Platform(GCP). GCP provides a robust infrastructure with advanced security features, ensuring your data's confidentiality, integrity, and availability.
- Access to the platform, source code, and third-party tools is secured with two-factor authentication.
Data encryption
- Data in transit (transmitted between your device or services to RelativeCI or between RelativeCI services) is encrypted using Transport Layer Security (TLS)
- Data at rest (processed data, containers, archives, etc.) is encrypted using AES-256 keys.
Data retention and removal
- Projects data - based on the subscription type:
- PRO and Open Source subscriptions: until the project is deleted
- Free: 1 year
- Admin logs - one year
- Service logs - 30 days
Application
- RelativeCI uses Firebase Authentication with GitHub for authorization and authentication
- We use third-party services to monitor exceptions, logs, and the performance of our services
Agents
The agents run on the client infrastructure and are responsible for collecting and sending the bundle stats and build information to RelativeCI.
- Available as open-source projects:
@relative-ci/agentnpm package, GitHub action - Can run on isolated environments and workflows
- Automated tests and static analysis for every change
- Automated dependency updates and security checks
- Automated build and publish flow with npm provenance
Secure development
We use best practices to develop secure and reliable software:
- Code review, automated testing, and static analysis for every change
- Automated dependency updates
- Automated build and release flow
Backups
We backup and encrypt the project data regularly:
- Daily backups stored for 7 days
- Weekly backups stored for 1 month
Payment security
RelativeCI uses Paddle.com as a Merchant of Record. We do not process or store any information about the payment method(e.g: credit card data).
If you have any questions about this Security Policy, please get in touch with us by email: security@relative-ci.com
Last update: 01/12/2023, Effective date: 12/01/2020