Security at SecureCodingHub

We build security training software. We take our own security seriously. Here is how we protect your data and our infrastructure.

SecureCodingHub is operated by LimePlate LLC. As a company that teaches developers to write secure code, we hold ourselves to the highest security standards. Our platform is built with a security-first architecture, and our practices are continuously reviewed and improved.

Infrastructure Security

Encryption at rest

All data at rest is encrypted using AES-256 encryption. Database volumes, backups, and file storage are all encrypted with keys managed through a dedicated key management service.

Encryption in transit

All communications between clients and our servers use TLS 1.3. We enforce HTTPS across all endpoints with HSTS headers and certificate transparency monitoring.

Tenant isolation

Customer data is logically isolated at the application layer. Each organization's data is segregated with strict access controls, ensuring no cross-tenant data leakage.

Authentication & Access

SSO & SAML 2.0

Enterprise customers can integrate with their identity provider using SAML 2.0 single sign-on. We support all major IdPs including Azure AD, Okta, and OneLogin.

Multi-factor authentication

MFA support adds an additional layer of security to user accounts. We support TOTP-based authenticator apps for second-factor verification.

Session management

Sessions are cryptographically secured with short-lived tokens, automatic expiration, and revocation capabilities. Inactive sessions are terminated after a configurable timeout period.

Compliance

SOC 2 Type II (In Progress)

We are actively pursuing SOC 2 Type II certification. Our controls for security, availability, and confidentiality are designed to meet the Trust Services Criteria.

GDPR (Compliant)

We comply with the EU General Data Protection Regulation. We provide data processing agreements, support data subject rights, and maintain a lawful basis for processing.

CCPA (Compliant)

We comply with the California Consumer Privacy Act. California residents can exercise their rights to know, delete, and opt out of the sale of personal information.

Vulnerability Management

Regular penetration testing

We conduct regular third-party penetration tests of our infrastructure and application. Findings are triaged, prioritized, and remediated according to severity.

Dependency scanning

Our CI/CD pipeline includes automated dependency scanning and software composition analysis. Known vulnerabilities in third-party libraries are flagged and addressed promptly.

Responsible disclosure program

We maintain a responsible disclosure program for security researchers. If you discover a vulnerability, please report it to us and we will work with you to resolve it.

Data Handling

Minimal data collection

We collect only the data necessary to provide our services. We do not collect unnecessary personal information and we do not sell user data to third parties.

Retention policies

Data is retained only for as long as needed to fulfill the purposes for which it was collected. When data is no longer required, it is securely deleted or anonymized.

Right to deletion

Users can request deletion of their account and associated data at any time. We process deletion requests promptly and confirm completion within 30 days.

Responsible Disclosure

We value the work of security researchers who help keep our platform and users safe. If you believe you have found a security vulnerability in SecureCodingHub, we encourage you to report it responsibly.

  • Acknowledgment: Within 48 hours
  • Initial assessment: Within 5 business days

Guidelines

  • Provide a detailed description of the vulnerability and steps to reproduce
  • Allow reasonable time for us to investigate and fix the issue before public disclosure
  • Do not access, modify, or delete other users' data during your research
  • Do not perform denial-of-service testing or social engineering attacks

Questions about our security?

If you have questions about our security practices, need a copy of our security documentation, or want to discuss compliance requirements, reach out to our security team.

security@securecodinghub.com