Yes, your data is safe with us. Security and privacy of your data is our number one priority. We perform automated and manual security testing on a regular basis. We also work with third-party security specialists to keep our platform safe and secure.
The following security and privacy-related audits and certifications are applicable to Heroku:
- EU-U.S. and Swiss-U.S. Privacy Shield certification: Customer Data submitted to the Heroku Services is within the scope of Salesforce’s annual certification to the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as administered by the U.S. Departmentof Commerce, as further described in Salesforce's Privacy Shield Notice. The current certification is available at https://www.privacyshield.gov/list by searching under “Salesforce”.
- TRUSTe Certification: Salesforce has been awarded the TRUSTe Certified seal signifying that Salesforce’s Website Privacy Statement and privacy practices related to the Heroku Services have been reviewed by TRUSTe for compliance with TRUSTe’s Certification Standards.
We further strengthened our commitment to security by obtaining the EU-U.S. and Swiss-U.S. Privacy Shield certification. Our current certification is available at https://www.privacyshield.gov/list by searching for “productboard”.
We use SSL/TLS for data in transit, creating a secure tunnel protected by 128-bit or higher AES encryption.
Looking for more security?
Our Enterprise Plan offers Data Encryption at rest with AES-256, block-level storage encryption. You can read more about EBS encryption from AWS' Encryption article.