What are your security practices? (Vendor Security Review / Due Diligence)
Here you can find all the information needed for your Vendor Security Review to ensure Knapsack Pro's security meets industry standards and best practices.
Terms and Conditions
We, as your vendor, don't process your customer's data.
We are not a Processor, in terms of GDPR, of personal data (Data Subject) in relation to your organization (Controller).
Hosting and Database
Knapsack Pro is hosted on Heroku.com. On https://www.heroku.com/policy/security you can find the following information:
- Security Assessments and Compliance
- Penetration Testing and Vulnerability Assessments
- Network Security
- Data Security
The database is hosted by Amazon Web Services in Ireland, Europe (eu-west-1). In particular, Knapsack Pro uses Amazon Relational Database Service (RDS).
All the connections with the Knapsack Pro API are protected with SSL.
PCI Compliant Payments
Knapsack Pro uses BraintreePayments.com for encrypting and processing credit card payments. Thanks to Braintree, Knapsack Pro is PCI compliant.
Knapsack Pro client libraries collect a minimal amount of data about your project:
- Branch name
- Commit hash
- Number of parallel CI nodes
- CI node index
- File paths of your tests (e.g.,
- Test execution time
- Masked user data for users triggering your CI builds or making git commits (e.g. Jo** Sm*** <jo**.sm***@ex*****.co*> for John Smith <email@example.com>)
Additionally, you can encrypt test file paths and/or branch names on your CI node with a salt before they are sent to the Knapsack Pro API. In other words, only you can decrypt the test file paths or branch names.
Knapsack Pro does not have access to your project source code/repository. Knapsack Pro Admins can see the data listed above if you need help with debugging, but are not able to decrypt your data without the salt.