Security is our foundation
Built from the ground up with enterprise-grade security. Your data is protected by industry-leading practices and certifications.
Annually audited
Fully compliant
BAA available
Certified
Security Practices
Encryption at Rest
All data is encrypted using AES-256 encryption. Database, backups, and logs are all encrypted.
Encryption in Transit
All traffic is encrypted using TLS 1.3. We enforce HTTPS everywhere, no exceptions.
Audit Logging
Complete audit trail of all flag changes, user actions, and system events. Unlimited retention on Enterprise.
Role-Based Access
Fine-grained permissions for who can view, edit, and deploy feature flags. Custom roles available.
SSO & SAML
Integrate with your identity provider. Support for Okta, Azure AD, OneLogin, and any SAML 2.0 provider.
Data Residency
Choose where your data is stored. Available regions include US, EU, and APAC.
Infrastructure Security
Cloud Infrastructure
Hosted on AWS with SOC 2 and ISO 27001 certified data centers. Multi-AZ deployment for high availability.
Network Security
WAF protection, DDoS mitigation, and network isolation. All internal traffic is encrypted.
Penetration Testing
Annual third-party penetration tests by independent security firms. Continuous automated scanning.
Vulnerability Management
Automated dependency scanning, SAST/DAST tools, and 24-hour SLA for critical vulnerabilities.
Incident Response
24/7 security monitoring with documented incident response procedures. Customers notified within 72 hours of any breach.
Bug Bounty Program
We partner with security researchers to keep FeatureFlag secure
We offer rewards for responsibly disclosed security vulnerabilities. Our program covers all production FeatureFlag services and is open to all security researchers.
Questions about security?
Our security team is happy to answer questions and provide additional documentation.