A smiling team member looking into the distance while holding a laptop and notebook.

Built with security and privacy in mind.

Have a question that’s not answered here? Reach us at security@multitudes.co
A smiling team member looking into the distance while holding a laptop and notebook.

Platform Security

We’ve built Multitudes with security and data privacy in mind from the ground up. We follow modern cloud infrastructure practices, including infrastructure as code, continuous integration with automated test suites, encryption at rest and in transit, and separate environments for testing and production.

A stylized illustration of a computer screen showing data and protected by a shield.
A stylized illustration of data protected by a lock.

Cloud Security

We have chosen Amazon Web Services as our cloud service provider due to their comprehensive compliance offerings and excellent track record of platform security. More details regarding AWS Compliance offerings can be found here.

Data Protection

We only collect the data we need, and we refrain from collecting personally identifiable information where possible; the only identifiers we store on individual users is their public Github username and an alias that you decide (e.g., first name). You are the owner of your data, and have full control over our access to your data – you can ask us to erase your data at any time (though we hope that you love us so much that you won’t want to leave!). We will never sell your data to third parties in any form.

A stylized illustration of a software window locked and protected by a password.

Security Features

Infrastructure
Hosting

All of our services are hosted on Amazon Web Services (AWS) inside a virtual private cloud (VPC). We do not maintain any physical servers.

Permissions

We use version-controlled AWS roles to manage access to all resources in each environment. We adhere to the principle of least privilege when it comes to resource permissions.

Environment segregation

We have separate AWS environments for development, staging, and production. No customer data is ever used in our development or staging environments.

Infrastructure as code

Any changes to infrastructure are made using Terraform. This means that all changes are peer-reviewed, automated, and version-controlled, which keeps our services secure and auditable.

Continuous integration

We run comprehensive automated testing suites for any code change.

Continuous deployment

We use CircleCI to continuously deploy to all our environments. Deployments to prod require manual intervention from a reviewer, after checking changes in the dev and staging environments.

Logging and alerts

We use Cloudtrail to log AWS access and Cloudwatch to log application access. In addition, we use AWS Security Hub to help ensure that we follow best practices and alert us of potential issues.

Application Security
Software updates

We continuously patch software on all applications with the latest available updates.

Application access

We only give login information for our insights dashboard to the list of emails you’ve given us, and you can change that list at any time.

Data access

You control the data that we are allowed to access. The data we require is shown in a list when you are installing our GitHub plugin, and you can revoke that access at any point by uninstalling our plugin.

Encryption

All data is encrypted at rest using AES-256 encryption, and during transit using SSL/TLS 1.2.

Data privacy
  • Our priority is to preserve the anonymity of individual users as best as possible, by only collecting the data we need and refraining from collecting personally identifiable information where possible.
  • The only identifiers we store on individual users is their username (e.g., public GitHub username), which you provide to us along with metadata around who the individual user reports to, their role on the team, and working norms like which days and hours they usually work.
  • For more, see our privacy policy.
Backups

We use AWS-managed services to run backups and versioning of data.

Monitoring

We use AWS CloudWatch for monitoring of all systems so that there is visibility over all actions taken in our AWS environments.

Other Security Features
Authentication

All Multitudes employees must enable multi-factor authentication on all core tools and services.

Confidentiality

All employee and contractor agreements include a confidentiality clause.

Continuous improvement

We will be pursuing security certifications that are appropriate for our risk profile in the future.

Certifications

We will be pursuing security certifications that are appropriate for our risk profile in the future.

Device Management

We use a Mobile Device Management (MDM) service to manage all Multitudes devices. This allows us to have full control of a device and enforce the latest security updates and features.

Infrastructure
Hosting

All of our services are hosted on Amazon Web Services (AWS) inside a virtual private cloud (VPC). We do not maintain any physical servers.

Permissions

We use version-controlled AWS roles to manage access to all resources in each environment. We adhere to the principle of least privilege when it comes to resource permissions.

Environment segregation

We have separate AWS environments for development, staging, and production. No customer data is ever used in our development or staging environments.

Infrastructure as code

Any changes to infrastructure are made using Terraform. This means that all changes are peer-reviewed, automated, and version-controlled, which keeps our services secure and auditable.

Continuous integration

We run comprehensive automated testing suites for any code change.

Continuous deployment

We use CircleCI to continuously deploy to all our environments. Deployments to prod require manual intervention from a reviewer, after checking changes in the dev and staging environments.

Logging and alerts

We use Cloudtrail to log AWS access and Cloudwatch to log application access. In addition, we use AWS Security Hub to help ensure that we follow best practices and alert us of potential issues.

Application Security
Software updates

We continuously patch software on all applications with the latest available updates.

Application access

We only give login information for our insights dashboard to the list of emails you’ve given us, and you can change that list at any time.

Data access

You control the data that we are allowed to access. The data we require is shown in a list when you are installing our GitHub plugin, and you can revoke that access at any point by uninstalling our plugin.

Encryption

All data is encrypted at rest using AES-256 encryption, and during transit using SSL/TLS 1.2.

Data privacy
  • Our priority is to preserve the anonymity of individual users as best as possible, by only collecting the data we need and refraining from collecting personally identifiable information where possible.
  • The only identifiers we store on individual users is their username (e.g., public GitHub username), which you provide to us along with metadata around who the individual user reports to, their role on the team, and working norms like which days and hours they usually work.
  • For more, see our privacy policy.
Other Security Features
Authentication

All Multitudes employees must enable multi-factor authentication on all core tools and services.

Confidentiality

All employee and contractor agreements include a confidentiality clause.

Continuous improvement

We have completed an AWS Well-Architected Review with an AWS Solutions Architect and will continue to develop and improve our infrastructure in accordance with their best practices.

Certifications

We will be pursuing security certifications that are appropriate for our risk profile in the future.

Lock Icon

Want to learn more?

Visit our help center to get more information about our key security practices, policies, and contact details.

Read more about our Security & Privacy

Have a question that’s not answered here?

I usually struggle with how to make changes, but prompts from Multitudes showed me where exactly to take action. I now ask better questions in 1-on-1s with my team.”

Lance Cooper
Engineering Team Lead, Conqa
A construction manager working on site.

Discover how Conqa used Multitudes to reveal a potential hotspot and improve their team and product health.