Trust and Safety at StatusGator

StatusGator is the world’s premier status data platform. We’ve been operating since 2015, collecting the status of thousands of services and aggregating them into our platform. Thousands of IT teams trust StatusGator to monitor their vendor statuses and host their team status page.

We’re a small but mighty company, doing one thing better than anyone else on earth: aggregating vendor status data. Our founders each have more than 20 years of software development and management experience. We combine that experience with a world-class team and industry-leading security and infrastructure providers to produce a platform you can trust.

9 years in operation
2b+ status checks performed
13m+ notifications sent
3k+ services monitored
28k+ users served

StatusGator Security Checklist

StatusGator operates at all times with the security of our application and our customers’ data in mind. We follow MVSP, the Minimum Viable Secure Product security checklist, on which this checklist is based.

Last updated: April 1, 2024

Infrastructure

We host our dashboard and API backend on Heroku, the renowned platform-as-a-service hosting solution provided by Salesforce. By utilizing Heroku, our data remains safely stored in Amazon Web Services and backed by a team of 24x7x365 engineering support. The virtually limitless scalability of Heroku gives you the peace of mind to know that StatusGator will be there when you need it. In addition, we utilize both Cloudflare and Vercel CDN platforms to bring higher performance and stability.

Authentication

StatusGator supports 2FA and SAML-based SSO for increased security and credential management. Usernames and passwords are one of the easiest targets for cybercriminals and StatusGator protects your account by reducing the credential surface area with SAML Single Sign On, keeping you compliant. Our two-factor authentication uses one-time passwords (OTP) from a secure authenticator device. We do not support the less secure SMS-based 2FA.

Uptime

StatusGator is incredibly stable. Over the past 12 months, our uptime is 99.92% with approximately 7 hours of service degradation or downtime over the course of a year. Our status page is hosted entirely separately from the rest of our infrastructure so you can be sure it’s accessible even in the unlikely event of a StatusGator platform outage.

Encryption

All StatusGator data is encrypted at rest using AES-256 block-level storage encryption, part of the Heroku platform, with keys managed by Amazon Web Services’ EBS encryption. Our API, dashboard, and hosted customer status pages are all served only over TLS/SSL, meaning they are available only via HTTPS. Our SSL monitoring is provided by TrackSSL, our own certificate visibility and transparency platform. We use HSTS to prevent protocol-downgrade attacks.

Data Privacy

Access to customer data is limited to a select few engineers needing to investigate specific production issues. Because StatusGator collects very little customer data (essentially a list of vendors and limited user information such as name and email), the amount of data available in our systems is limited.

Payment Security

Our payment processor, Stripe, is the world leader in SaaS subscription payments and they are the only ones who ever see your payment method details. As a PCI Service Provider Level 1, Stripe’s security infrastructure is second-to-none and entirely separate from our own. We have no ability to see your specific payment information and only a select few StatusGator employees have access to see summary payment details.

Vulnerability Disclosure

StatusGator utilizes two separate industry-standard vulnerability detection platforms to keep track of vulnerable packages and to prevent security vulnerabilities from being deployed. In addition, we maintain a bug bounty program and vulnerability disclosure policy, which allow the ethical hacking community to help keep StatusGator data secure.

Backing

StatusGator has grown organically for more than 9 years and was proudly profitable from the very early days. We’re now backed by TinySeed, a startup accelerator. With TinySeed’s investment, we’re growing StatusGator’s base of rabid fans to include IT and DevOps teams from around the world.

Safety Features

Role-Based Access Control
Audit Logging
Encryption at Rest
Continuous Data Protection
Offsite Backups
Vulnerability Disclosure Policy
Data Erasure Procedure
30-Day Log Retention
Static Code Analysis
Privacy Policy
Terms of Service
SAML Single Sign On
2-Factor Authentication