Capgo Security.
Move forward with confidence. We offer multiple levels of protection to keep your intellectual property and sensitive data secure.
Product security
Source code protection
- Source code is continuously scanned for vulnerabilities using Sink Inspector.
Data security
Encryption communication
- All data traffic is encrypted via TLS and HTTPS.
Source code encryption
- Source code is always encrypted in transit via TLS and HTTPS.
Data backup
- Capgo maintains a data backup policy that follows industry best practices.
Network security
Architecture
- Capgo’s architecture consists of multiple secure network layers.
Application security
Secure coding
- Any changes that make their way into production must first be reviewed and approved. Code refactoring must adhere to secure coding principles and industry best practices, such as those defined by OWASP.
Site reliability
- Capgo use 100% serverless infrastructure, historically achieving 99.9% uptime. See status here
Application penetration testing
- Capgo is regularly tested by third-party penetration testers to ensure the security of the application.
Business security
Background checks
- Capgo don't have employees and will never, only one person, Martin Donadieu has access to production database. Freelancer or open-source contributors are not allowed to have access to production database.
Security awareness
- Capgo Founder take security awareness, best practice, and incident response training.
Security coding education
- Capgo by been 100% open-source, is leaded to improve security with the community.
Partner management
- Capgo requires all critical third-party vendors to achieve SOC 2 certification at the minimum, and verifies certifications annually.
Incident response
- Capgo stands at the ready with a dedicated Incident Response Person.
Incident response policy & plan
- An incident response policy is maintained and managed by a dedicated incident response Person at Capgo.
Communication
- In the event of system-wide issues, customers are notified by their email. Capgo's system status and network and security incidents are published at https://status.capgo.app.