Security Practices

We take the security of your data seriously. This page describes the controls iron.sh uses to safeguard your data. If you have questions, contact [email protected].

Infrastructure

Our production environment runs on locked-down bare metal servers. All infrastructure changes are applied through Infrastructure as Code — there is no manual access to production systems. Access to production is strictly limited and regularly reviewed. We perform regular vulnerability scans across our infrastructure.

Data Protection

All sensitive data is encrypted at rest using industry-standard encryption. All data is encrypted in transit. Customer data is backed up regularly to ensure availability and durability.

Compliance

We are currently undergoing a SOC 2 Type I audit. We maintain continuous compliance monitoring through Vanta.

Vendor Management

All vendors we work with are required to maintain SOC 2 compliance.

Employee Security

All employees undergo background checks prior to joining.

Secure Development

We follow secure-by-design and privacy-by-design principles across our engineering organization.

Reporting a Vulnerability

If you believe you have found a security vulnerability, please report it to [email protected].