Trust & Status — Release Assurance

Service Status

Live status across the services your team relies on.

Web ApplicationCustomer portal, dashboards, and reports

Operational

AuthenticationSign-in, session management, and MFA

Operational

APIProgrammatic endpoints for customer integrations

Operational

Workflow ExecutionScheduled and on-demand verification runs

Operational

Artifact DeliveryScreenshots, reports, and run recordings

Operational

NotificationsEmail alerts, incident notices, morning briefings

Operational

SchedulerRecurring workflow dispatch

Operational

Our Trust Commitments

We treat your data, your credentials, and your Salesforce org as if they were our own. Here is what that means in practice.

Security First

Security is built into every layer of the service, reviewed continuously, and prioritized above new-feature work when the two conflict.

Tenant Isolation

Your data is logically isolated from every other customer at every layer — storage, query, and access control — with automated regression tests guarding that boundary.

Least Privilege

Access to production systems is tightly scoped. Only a small set of authorized personnel can reach customer-affecting infrastructure, and every access path is logged.

Encryption Everywhere

All customer data is encrypted in transit with TLS and encrypted at rest. Secrets and credentials are stored in a dedicated secret-management service.

No Long-Lived Credentials

We use short-lived, tokenized access to your Salesforce org and never retain long-lived refresh tokens. Access tokens are kept in memory only.

Data Minimization

We collect only what is needed to run the service. Test artifacts are retained for the shortest period that still supports your debugging and compliance needs.

Resilient by Design

Monitoring, alerting, and automated health checks run 24/7 across multiple regions. On-call engineers are paged within minutes of any customer-impacting degradation.

Transparent Incidents

When something goes wrong, we tell you. Confirmed customer-impacting incidents are disclosed to affected tenants within 72 hours.

Security Measures in Place

A summary of the security controls we operate today. The exact implementation details are kept private, but every item below is enforced in production.

✓
Multi-factor authenticationSupported for every customer user account, with enforcement available for administrators.
✓
Role-based access controlEvery action in the platform is gated by a role. Administrative functions are never exposed to standard users, even by accident.
✓
Session revocationA leaked or stolen session can be invalidated instantly from anywhere the user signs in.
✓
Encrypted transport and storageTLS on every connection. Encryption at rest on every database row, file, and secret.
✓
Hardened browser policiesStrict Content Security Policy, HttpOnly session cookies, and cross-site-request protections on every authenticated endpoint.
✓
Upload validationFile uploads are validated for type, size, and filename safety before they are ever accepted.
✓
Authored-code reviewAny custom verification logic goes through automated safety checks before it can run against a customer org.
✓
Segregated customer environmentsNo customer's data, runs, or artifacts are ever visible to another customer.
✓
Audit loggingStructured, per-tenant activity logs with correlation to every action taken by users and internal operators.
✓
Continuous monitoringAlerting on authentication failures, dispatch errors, and service degradation, routed to on-call engineers.
✓
Independent uptime probesMultiple external monitors provide signal independent of our own infrastructure, so outages cannot silently hide from us.
✓
Vetted subprocessorsEvery third-party service we use is listed publicly and bound by its own data-processing commitments. See our Security page for the list.
✓
Data Processing AgreementA GDPR-aligned DPA is available on request to any customer.
✓
Responsible disclosureA dedicated security channel at security@ReleaseAssurance.com with a one-business-day acknowledgment target.
✓
Incident notificationConfirmed customer-impacting security incidents are reported to affected tenants within 72 hours.

Recent Incident History

Past 90 days.

No customer-impacting incidents reported in the last 90 days.

Questions about security or a live issue? Reach us directly at security@ReleaseAssurance.com. For full technical detail on our security posture, see our Security page.