Data Security
SecureCodingHub is designed with security at every layer. This page covers how we protect your organization's data.
Encryption
All data is protected with industry-standard encryption:
In Transit
All data is encrypted using TLS 1.2+ between your browser and our servers. No plaintext transmission.
At Rest
All data at rest is encrypted using AES-256 encryption. Database backups are encrypted.
Infrastructure
- Hosted on AWS (US region)
- Application and database on isolated networks
- Regular security patches and updates
- DDoS protection via AWS Shield
- Automated monitoring and alerting
Data Handling
Here is what data we store and why:
| Data Type | Stored | Purpose |
|---|---|---|
| User email & name | Yes | Account identification |
| Challenge progress & scores | Yes | Training tracking |
| Stack preferences | Yes | Personalization |
| Authentication tokens | Temporary | Session management |
| Passwords | No | We use passwordless auth |
| Source code | No | Challenges are client-side only |
Compliance
- GDPR compliant — data processing with legitimate interest / contract basis
- Users can request data export or deletion
- Data retention: active accounts retained indefinitely, deleted accounts purged after 90 days
- Sub-processors listed in our privacy policy
Access Control
- Role-based access control (Platform Admin, Org Admin, Learner)
- Organization-level data isolation (multi-tenant)
- SCIM token authentication for provisioning APIs
- Rate limiting on all public endpoints
Reporting Vulnerabilities
If you discover a security vulnerability, contact security@securecodinghub.com. We take all reports seriously and aim to respond within 48 hours.
Compliance info: For detailed compliance information, see our Security page at securecodinghub.com/security or contact security@securecodinghub.com.