Security

Security is our foundation

Built from the ground up with enterprise-grade security. Your data is protected by industry-leading practices and certifications.

Request Security Review Download SOC 2 Report
SOC 2 Type II

Annually audited

GDPR

Fully compliant

HIPAA

BAA available

ISO 27001

Certified

Security Practices

Encryption at Rest

All data is encrypted using AES-256 encryption. Database, backups, and logs are all encrypted.

Encryption in Transit

All traffic is encrypted using TLS 1.3. We enforce HTTPS everywhere, no exceptions.

Audit Logging

Complete audit trail of all flag changes, user actions, and system events. Unlimited retention on Enterprise.

Role-Based Access

Fine-grained permissions for who can view, edit, and deploy feature flags. Custom roles available.

SSO & SAML

Integrate with your identity provider. Support for Okta, Azure AD, OneLogin, and any SAML 2.0 provider.

Data Residency

Choose where your data is stored. Available regions include US, EU, and APAC.

Infrastructure Security

Cloud Infrastructure

Hosted on AWS with SOC 2 and ISO 27001 certified data centers. Multi-AZ deployment for high availability.

Network Security

WAF protection, DDoS mitigation, and network isolation. All internal traffic is encrypted.

Penetration Testing

Annual third-party penetration tests by independent security firms. Continuous automated scanning.

Vulnerability Management

Automated dependency scanning, SAST/DAST tools, and 24-hour SLA for critical vulnerabilities.

Incident Response

24/7 security monitoring with documented incident response procedures. Customers notified within 72 hours of any breach.

Bug Bounty Program

We partner with security researchers to keep FeatureFlag secure

We offer rewards for responsibly disclosed security vulnerabilities. Our program covers all production FeatureFlag services and is open to all security researchers.

$500
Low Severity
$2,500
Medium Severity
$10,000
Critical Severity
View Program Details

Questions about security?

Our security team is happy to answer questions and provide additional documentation.