Skip to content

Security

From time to time, we get questions about security at OctoPerf. In general, we are not too keen on exposing information about our security practices, because it only makes it easier for the very people we're securing ourselves against.

But we realize security is an important concern to you, so we've decided to post answers to the most important questions.

For a more detailed document about the security policies and practices inside OctoPerf, please contact sales@octoperf.com from a professional email.

Application Security

Since any information of our customers might be critical, we have taken many steps to improve our security:

  • Passwords are hashed, even our own staff can’t view them. If you lose your password, you must reset it.
  • Communication with our servers is secured via SSL and TLS 1.3.
  • Our internal servers communicate through IPSEC encrypted tunnels to avoid any "man in the middle" effect.
  • Every OctoPerf account only has access to its own data.
  • Isolated tests environments to ensure every metric collected remains private to your account.
  • We work toward keeping frontend and backend up-to-date with latest bug fixes and security releases.
  • We recommend the use of anonymized or temporary data when possible to further reduce any risk.

OctoPerf is not a honeypot

We do not store credit card or payment information inside OctoPerf. All this information is stored by a third-party provider: Stripe.

Of course, as a well-known payment solution, Stripe enforces strict rules as well: https://stripe.com/docs/security/stripe

Protecting Ourselves Against You

No offense meant, but if your computer gets compromised someone might get access to your OctoPerf account, and that's not good for either of us:

  • We monitor and will automatically suspend accounts in case of irregular or suspicious activity.
  • Certain changes to your account, such as your password, trigger email notifications to the account holder.

Data & Infrastructure Security

The data centers behind OctoPerf all manage physical security 24/7, with fire risk management, dedicated electrical supplies and their own network links. We carefully pick our partners in that area to make sure they comply with the latest recommendations and norms. Our infrastructure provider has completed the following certifications: ISO 27001, ISO 27017, ISO 27018, SOC 1, SOC 2 and SOC3.

OctoPerf Servers

As OctoPerf is used to generate millions of requests every month from several thousand accounts, all the resulting data is replicated across several databases and mirrored regularly off site. This way we ensure that all your data is safe whatever happens to one of our providers.