A smiling team member looking into the distance while holding a laptop and notebook.A happy person holding a laptop

Built with security and privacy in mind.

Have a question that’s not answered here? Reach us at security@multitudes.co
An engineering manager potentially interested in diversity, equality and inclusion
A stylized illustration of data ethics where data protected by a lock.

SOC 2 Compliant

We’ve passed our Type I and Type II audits. As part of those, we completed an end-to-end review of our application infrastructure, company policies, and our processes. This included everything from how we work with vendors and how we hire, to how we build a product that serves our customers. Contact us for a copy of our report.

Platform Security

We’ve built Multitudes with security and data privacy in mind from the ground up. We follow modern cloud infrastructure practices, including infrastructure as code, continuous integration with automated test suites, encryption at rest and in transit, and separate environments for testing and production.

A stylized illustration of a computer screen showing product development and protected by a shield.
A stylized illustration of data ethics where data protected by a lock.

Cloud Security

We have chosen Amazon Web Services as our cloud service provider due to their comprehensive compliance offerings and excellent track record of platform security. More details regarding AWS Compliance offerings can be found here.

Data Protection

We only collect the data we need, and we refrain from collecting personally identifiable information where possible; the only identifiers we store on individual users is their public Github username and an alias that you decide (e.g., first name). You are the owner of your data, and have full control over our access to your data – you can ask us to erase your data at any time (though we hope that you love us so much that you won’t want to leave!). We will never sell your data to third parties in any form.

A stylized illustration of a software development window locked and protected by a password.

Security Features

Infrastructure
Checkmark

Hosting

All of our services are hosted on Amazon Web Services (AWS) inside a virtual private cloud (VPC). We do not maintain any physical servers.

Checkmark

Permissions

We use version-controlled AWS roles to manage access to all resources in each environment. We adhere to the principle of least privilege when it comes to resource permissions.

Checkmark

Environment segregation

We have separate AWS environments for development, staging, and production. No customer data is ever used in our development or staging environments.

Checkmark

Infrastructure as code

Any changes to infrastructure are made using Terraform. This means that all changes are peer-reviewed, automated, and version-controlled, which keeps our services secure and auditable.

Checkmark

Continuous integration

We run comprehensive automated testing suites for any code change.

Checkmark

Continuous deployment

We use CircleCI to continuously deploy to all our environments. Deployments to prod require manual intervention from a reviewer, after checking changes in the dev and staging environments.

Checkmark

Logging and alerts

We use Cloudtrail to log AWS access and Cloudwatch to log application access. In addition, we use AWS Security Hub to help ensure that we follow best practices and alert us of potential issues.

Application Security
Checkmark

Software updates

We continuously patch software on all applications with the latest available updates.

Checkmark

Application access

We only give login information for our insights dashboard to the list of emails you’ve given us, and you can change that list at any time.

Checkmark

Data access

You control the data that we are allowed to access. The data we require is shown in a list when you are installing our GitHub plugin, and you can revoke that access at any point by uninstalling our plugin.

Checkmark

Encryption

All data is encrypted at rest using AES-256 encryption, and during transit using SSL/TLS 1.2.

Checkmark

Data privacy

  • Our priority is to preserve the anonymity of individual users as best as possible, by only collecting the data we need and refraining from collecting personally identifiable information where possible.
  • The only identifiers we store on individual users is their username (e.g., public GitHub username), which you provide to us along with metadata around who the individual user reports to, their role on the team, and working norms like which days and hours they usually work.
  • For more, see our privacy policy.
Checkmark

Backups

We use AWS-managed services to run backups and versioning of data.

Checkmark

Monitoring

We use AWS CloudWatch for monitoring of all systems so that there is visibility over all actions taken in our AWS environments.

Other Security Features
Checkmark

Authentication

All Multitudes employees must enable multi-factor authentication on all core tools and services.

Checkmark

Confidentiality

All employee and contractor agreements include a confidentiality clause.

Checkmark

Continuous improvement

We will be pursuing security certifications that are appropriate for our risk profile in the future.

Checkmark

Certifications

We have completed an AWS Well-Architected Review with an AWS Solutions Architect and will continue to develop and improve our infrastructure in accordance with their best practices.

Checkmark

Device Management

We use a Mobile Device Management (MDM) service to manage all Multitudes devices. This allows us to have full control of a device and enforce the latest security updates and features.

Infrastructure
Checkmark

Hosting

All of our services are hosted on Amazon Web Services (AWS) inside a virtual private cloud (VPC). We do not maintain any physical servers.

Checkmark

Permissions

We use version-controlled AWS roles to manage access to all resources in each environment. We adhere to the principle of least privilege when it comes to resource permissions.

Checkmark

Environment segregation

We have separate AWS environments for development, staging, and production. No customer data is ever used in our development or staging environments.

Checkmark

Infrastructure as code

Any changes to infrastructure are made using Terraform. This means that all changes are peer-reviewed, automated, and version-controlled, which keeps our services secure and auditable.

Checkmark

Continuous integration

We run comprehensive automated testing suites for any code change.

Checkmark

Continuous deployment

We use CircleCI to continuously deploy to all our environments. Deployments to prod require manual intervention from a reviewer, after checking changes in the dev and staging environments.

Checkmark

Logging and alerts

We use Cloudtrail to log AWS access and Cloudwatch to log application access. In addition, we use AWS Security Hub to help ensure that we follow best practices and alert us of potential issues.

Application Security
Checkmark

Software updates

We continuously patch software on all applications with the latest available updates.

Checkmark

Application access

We only give login information for our insights dashboard to the list of emails you’ve given us, and you can change that list at any time.

Checkmark

Data access

You control the data that we are allowed to access. The data we require is shown in a list when you are installing our GitHub plugin, and you can revoke that access at any point by uninstalling our plugin.

Checkmark

Encryption

All data is encrypted at rest using AES-256 encryption, and during transit using SSL/TLS 1.2.

Checkmark

Data privacy

  • Our priority is to preserve the anonymity of individual users as best as possible, by only collecting the data we need and refraining from collecting personally identifiable information where possible.
  • The only identifiers we store on individual users is their username (e.g., public GitHub username), which you provide to us along with metadata around who the individual user reports to, their role on the team, and working norms like which days and hours they usually work.
  • For more, see our privacy policy.
Other Security Features
Checkmark

Authentication

All Multitudes employees must enable multi-factor authentication on all core tools and services.

Checkmark

Confidentiality

All employee and contractor agreements include a confidentiality clause.

Checkmark

Continuous improvement

We have completed an AWS Well-Architected Review with an AWS Solutions Architect and will continue to develop and improve our infrastructure in accordance with their best practices.

Checkmark

Certifications

We will be pursuing security certifications that are appropriate for our risk profile in the future.

Lock Icon

Want to learn more?

Visit our help center to get more information about our key security practices, policies, and contact details.

Read more about our Security & Privacy

Have a question that’s not answered here?

I usually struggle with how to make changes, but prompts from Multitudes showed me where exactly to take action. I now ask better questions in 1-on-1s with my team.”

Lance Cooper
Engineering Team Lead, Conqa
A construction manager working on site.

Discover how Conqa used Multitudes to improve team collaboration.

Green illustrator arrow icon