We put our customer's data security first.

Need to report a security vulnerability?

Please email us directly at security@nextrelease.io. Get a free month of service for every security flaw you or your team notify us about that hasn’t been reported yet.

Physical Security

  • We operate all our infrastructure in Amazon Web Services industry leading data centers
  • Biometric scanning for controlled data center access
  • Security camera monitoring at all data center locations
  • 24×7 onsite staff provides additional protection against unauthorized entry
  • Unmarked facilities to help maintain low profile
  • Physical security audited by an independent firm

System Security

  • System installation using hardened, patched OS
  • Dedicated firewall and VPN services to help block unauthorized system access
  • Distributed Denial of Service (DDoS) mitigation services powered by industry-leading solutions

Operation Security

  • Systems access logged and tracked for auditing purposes
  • Secure document-destruction policies for all sensitive information
  • Fully documented change-management procedures

Software Security

Our team keeps our software and its dependencies up to date eliminating potential security vulnerabilities. We employ a wide range of monitoring solutions for preventing and eliminating attacks to the site.

Communications

All data exchanged with Next Release is always transmitted over SSL (which is why your dashboard is served over HTTPS, for instance).

Data Storage

We never store passwords as clear text – they are always hashed (and salted) securely using bcrypt. Both data at rest and in motion is encrypted – all network communication uses TLS with at least 128-bit AES encryption. The connection uses TLS v1.2, and it is encrypted and authenticated using AES_128_GCM and uses ECDHE_RSA as the key exchange mechanism.

Your code never touches our servers.

Maintaining security

We protect your login from brute force attacks with rate limiting. Login information is always sent over SSL.

We also allow you to use two-factor authentication, or 2FA, through GitHub login as an additional security measure when accessing your Next Release account. Enabling 2FA adds security to your account by requiring both your password as well as access to a security code on your phone to access your account.

Credit card safety

When you sign up for a paid account on Next Release, we do not store any of your card information on our servers. It’s handed off to Stripe, a company dedicated to storing your sensitive data on PCI-Compliant servers.