All end-user data is being processed only by EU companies, and only use those that have EU data residency.
Stormly encrypts all data using TLS where possible, making sure encryption is applied to data:
Data in use, in flight, and rest are encrypted according to what is deemed sufficient according the data protection legislation requirements.
Backups (of Clients’ End-User Data) are kept for a retention period of a maximum of 6 months, after which they are permanently removed.
Any code changes to Stormly are tested with automatic processes, as well as manual peer reviews of code, to minimize the potential for security issues in the code.
Stormly infrastructure is continuously monitored for irregularities to detect any potential abuse.
The Stormly infrastructure treats any user and its actions on the Service as a privileged user with full access. Because of this, we built Stormly applications and services around the concept of logical separation, making sure that all resources that belong to that organization (such as plugins, analysis or data being run, but also analytics data in rest) and/or project within an organization, cannot be accessed by other users that are not authorized to do so.
Data of Stormy's Clients is processed and/or stored by third-party providers. See “Data Processing Agreement”, "Article 7. Subprocessing" for more details. The following lists all third-party providers that process and/or store Client data:
We’re happy to receive any potential security issues from our users. Send an email to email@example.com detailing the steps to reproduce the security issue or a proof-of-concept. We handle all security disclosures as good as we can, by working together with you where possible.