The safety and integrity of your code is our highest priority. Your code and your data is always treated with respect. It's always encrypted in transport and at rest, and is stored in the European Union.
Sturdy stores data in the European Union and is compliant with the GDPR.
Your data is always encrypted in transit and at rest.
Sturdy does not have any physical servers. All of our services run in the cloud.
Sturdy stores metadata in the users home directory in the following directories and files
Sturdy also needs read/write access to the user-provided directories that Sturdy should monitor for code changes.
Sturdy will also automatically access the
~/.ssh/known_hosts file to configure SSH trust to Sturdy's servers.
Sturdy applies code review and automated and manual testing of all changes to the Sturdy software.
The local application communicates with the Sturdy API over HTTP with TLS, using a temporary (30 day) JWT (JSON Web Token). This token is rotated by the client in the background.
File transfers between a client and Sturdy are made over SSH, and are authenticated with 4096-bit RSA keys. The private key(s) are generated on the client, and will never leave the client computer.
User passwords are cryptographically hashed and salted before being stored in our database.
Sturdy employees will only ever access customer data when it’s required for support related duties. When this happens, staff will do their best to respect customer privacy, and only access the code and settings required to debug the issue at hand.
All sessions and actions are logged, and regularly reviewed.
Don't hesitate to reach out to us if you have any email@example.com