Trust & Safety

Security at GetStackLens

We build security in from the start — not as an afterthought. Here's how we protect your data and what to do if you find a vulnerability.

Security Practices

Encryption in Transit

All data between your client and GetStackLens is encrypted using TLS 1.2 or higher. We enforce HTTPS across all endpoints and reject insecure connections.

Encryption at Rest

Customer data stored in our databases and object storage is encrypted at rest using AES-256. Database backups are encrypted with the same standard.

Access Controls

Role-based access control (RBAC) is enforced at every layer. Production systems follow the principle of least privilege. All privileged access is logged.

API Key Security

API keys are hashed before storage — we never store the plaintext key. Keys can be scoped by permission and revoked instantly from your dashboard.

Audit Logging

Every API call, configuration change, and data access is logged with tamper-evident audit trails. Logs are retained per your plan's retention policy.

Data Isolation

Each organization's data is logically isolated. We use separate database schemas and enforce tenant ID checks at the application layer on every query.

Infrastructure

GetStackLens Cloud is hosted on Vultr infrastructure, with our EU deployment in the Amsterdam region. EU customers can opt into EU-only data residency to satisfy data sovereignty requirements.

All services run in isolated private networks. Public-facing services sit behind a load balancer with DDoS protection. Database instances are not publicly accessible.

We maintain automated daily backups with point-in-time recovery. Backups are retained for 30 days on Starter, 90 days on Team, and custom retention on Enterprise.

Compliance & Certifications

  • GDPR: In progress
  • SOC 2 Type II: Planned
  • EU AI Act: In progress

Our GovernAI module is purpose-built to help your organization meet EU AI Act requirements, including generating Article 13 transparency documentation with a single click.

Responsible Disclosure

If you discover a security vulnerability in GetStackLens, we ask that you disclose it responsibly. Please email us at security@getstacklens.ai with a description of the vulnerability and steps to reproduce it.

  • We will acknowledge your report within 48 hours.
  • We will provide a resolution timeline within 7 business days.
  • We will credit you publicly (if desired) once the vulnerability is fixed.
  • We ask that you do not publicly disclose the vulnerability until a patch is released.

We do not currently offer a bug bounty program, but we are grateful for responsible disclosures.