Compliance

Security certifications and compliance practices

StarSling is committed to meeting enterprise security requirements.

Current Status

SOC 2 Type II

Status: In progress

We are actively working toward SOC 2 Type II certification. Expected completion: Q2 2026.

GDPR

Status: Compliant

StarSling processes minimal personal data and complies with GDPR requirements:

  • Data minimization practiced
  • Right to deletion supported
  • Data processing agreement available on request

HIPAA

Status: Not certified

StarSling is not currently HIPAA compliant. Do not use for workloads involving PHI.

Security Practices

Access Control

  • All employee access requires MFA
  • Production access limited to on-call engineers
  • Access logged and audited quarterly

Infrastructure Security

  • Cloud infrastructure with security best practices
  • Regular security patches applied
  • Network segmentation between environments

Incident Response

  • 24/7 on-call rotation
  • Documented incident response procedures
  • Customer notification within 24 hours for security incidents

Vulnerability Management

  • Regular dependency updates
  • Automated security scanning in CI
  • Responsible disclosure program

Penetration Testing

We conduct annual penetration tests with third-party security firms.

Most recent test: Q4 2024

Findings: No critical or high severity findings

Reports available under NDA for Enterprise customers.

Vendor Security

GitHub

We integrate with GitHub's APIs, which maintain:

  • SOC 1, 2
  • ISO 27001
  • FedRAMP

Security Questionnaire

For enterprise security reviews, we provide:

  • CAIQ (Consensus Assessment Initiative Questionnaire)
  • SIG (Standard Information Gathering)
  • Custom questionnaire responses

Contact founders@starsling.dev to request security documentation.

Responsible Disclosure

If you discover a security vulnerability, please report it to:

security@starsling.dev

We commit to:

  • Acknowledging receipt within 24 hours
  • Providing status updates every 72 hours
  • Not pursuing legal action for good-faith research

Enterprise Security Features

Available for Enterprise:

  • Single Sign-On (SSO) via SAML
  • Audit log export
  • Custom data retention policies
  • Dedicated support channel
  • Security review calls
