knowledgebase

Security

The safety and integrity of your code is our highest priority. Your code and your data is always treated with respect. It's always encrypted in transport and at rest, and is stored in the European Union.

Sturdy stores data in the European Union and is compliant with the GDPR.

Your data is always encrypted in transit and at rest.

Platform security

Physical Access

Sturdy does not have any physical servers. All of our services run in the cloud.

Application Security

Files on your computer

Sturdy stores metadata in the users home directory in the following directories and files

  • ~/.sturdy-agent
  • ~/.sturdy-sync
  • ~/.sturdy

Sturdy also needs read/write access to the user-provided directories that Sturdy should monitor for code changes.

Sturdy will also automatically access the ~/.ssh/known_hosts file to configure SSH trust to Sturdy's servers.

Testing and review

Sturdy applies code review and automated and manual testing of all changes to the Sturdy software.

File communication to Sturdy

The local application communicates with the Sturdy API over HTTP with TLS, using a temporary (30 day) JWT (JSON Web Token). This token is rotated by the client in the background.

File transfers between a client and Sturdy are made over SSH, and are authenticated with 4096-bit RSA keys. The private key(s) are generated on the client, and will never leave the client computer.

User logins

User passwords are cryptographically hashed and salted before being stored in our database.

Security Policies

Employee access to data

Sturdy employees will only ever access customer data when it’s required for support related duties. When this happens, staff will do their best to respect customer privacy, and only access the code and settings required to debug the issue at hand.

All sessions and actions are logged, and regularly reviewed.

Contact us

Don't hesitate to reach out to us if you have any questions.

support@getsturdy.com