Security

As a founding team of engineers, our knowledge of security and its importance to your work runs deep. Your data is always safe with Slab.
Product
We follow industry best practices to develop and deliver our product securely.
Infrastructure
We adhere to the highest industry standards for data security using MFA and encryption.
Trust & Verification
We challenge our assumptions through third-party collaborations and frameworks.

Product Security

Development Process
We follow industry best practices, so security is baked right into our product and regular development processes – including security design reviews, code reviews, and unit & integration tests.

All engineers are required to know OWASP vulnerabilities and use libraries, frameworks, and mitigations vetted and recommended by the security community, such as Strict CSP.
Vulnerability Scanning
We regularly update our servers, tools, and libraries, patching vulnerabilities as they are discovered. Our application, host, and network are automatically scanned. We also automatically detect out-of-date dependencies.
Admin Controls
Team administrators can manage team-wide settings, including requiring single sign-on and two-factor authentication, managing integrations, and deactivating users.

Infrastructure Security

Encryption
Data in transit runs entirely over SSL, with an A+ from Qualys SSL Labs. Data at rest is encrypted with AES 128/256. All passwords are hashed using bcrypt and billing information is entirely managed by our PCI-compliant payments provider (Stripe).
Secrets Management
Secrets are stored securely and never in source code. Access to our infrastructure and related services requires SSH and two-factor authentication when possible.
Monitoring and Logging
We are committed to making Slab highly available. Our infrastructure runs on fault-tolerant systems and backups are made daily. We leverage redundant third-party providers to provide 24/7 monitoring and alerting of any downtime.

Trust and Verification

Penetration Testing
We conduct annual penetration tests on our application and infrastructure. These audits are conducted by respected independent security firms. Any issues surfaced are tracked and prioritized through to resolution.
Compliance
Slab is hosted on Google Cloud Platform, a leading cloud provider that holds rigorous industry security certifications, such as SOC 2 and ISO 27001.

Slab itself is certified under SOC 3 and SOC 2 Type 2, and is fully compliant with the EU General Data Protection Regulation (GDPR).
SOC 2 Type 2

GDPR

Security Research
We welcome responsible security research and disclosure on our product and infrastructure. Potential vulnerabilities can be reported by emailing security@slab.com.