The safety of your business relies on the tools that you use. At Torch we go the extra mile to make sure our Service is secure, reliable and worth your trust.
Torch is hosted on secure Amazon Web Services facilities that continually manage risk and undergo recurring assessments to ensure compliance with industry standards. This includes independent policies for physical access, monitoring & logging, surveillance & detection, device management, operational support systems, infrastructure maintenance, and governance & risk. For more information on the AWS physical security processes, click here.
All private data to and from Torch is transmitted over SSL. All communication with external services, such as GitHub, Bitbucket, GitLab and AWS, is done over a secure HTTPS connection. All communication with the source code is done over an SSH connection authenticated with keys. All registered users are virtual and have no user account on our machines. The SSH credentials used to push and pull cannot be used to access a shell or the filesystem.
If you choose to upgrade your subscription plan, we'll ask you for your credit card details. We do not store this information on our servers: we use Paddle, an external payment provider. All servers are PCI compliant.
All passwords in Torch are salted and hashed by one-way encryption algorithms. We never store user passwords in raw format. Access keys and environment variables used in delivery actions (SSH, AWS access, GitHub API access, etc.) are salted and encrypted with two-way encryption algorithms and kept in this form in the database.
All data is backed up in real time to AWS infrastructure in diversified AWS regions. Torch employees have no access to stored data unless given explicit permission from customers to solve a support request. Backup data is permanently removed 3 weeks after account cancellation.