GitProtect.io, security by design

We protect your DevOps ecosystem against data loss & cyber threats and securely manage your organization's data to keep it private.

SOC 2 compliant
GDPR compliant
User AES 256 encryption
Ultra-secure authorization

Trusted by the world’s leading organizations

ESET
T-Mobile
QNAP
Orange
Logicom
AVIS
Diebold Nixdorf
SUBWAY

Our top concern is protecting our users’ source code and Intellectual Property. Furthermore, we have made every effort to ensure the data protection is as seamless as possible. Let’s take a look at how GitProtect.io provides the best security measures for your organization.

Multi-level security mechanisms

1. Product security features

2. Storage & infrastructure security

3. Legal compliance

1. Product security features

We provide more than just a DevOps backup solution. With our secure and safe technology, we guarantee you peace of mind in every situation.

User AES 256 encryption: most providers create encryption keys to secure user data. GitProtect goes one step further: to strengthen your data security, our solution enables you to create custom encryption keys. And as always, we provide the military-grade AES 256 algorithm to secure your data.

In-flight encryption: we encrypt your data in-flight before it even leaves your physical machine, so it’s protected both during backup execution and at rest in the repository.

Zero-knowledge encryption: your device does not have any information about the encryption key - it receives it only when performing a backup. We don’t know what’s inside, and neither will any intruder.

No single point of failure: our solution simply enables the communication between the device and storage and does not take part in the backup process. You can lose access or configuration, but as long as you have your encryption key you can restore the data.

Secure password vault: our built-in Password Manager stores and manages all your passwords (internal and external) in one secure place. You don’t have to remember them or write them down - if you need to use one, just choose it from the list.

Ultra-secure authorization: to address the most pressing security concerns GitProtect allows advanced authorization methods: login and password, personal access token, or app password – depending on your git hosting provider.

SOC2 compliant: We strongly believe in data security, availability, processing integrity, confidentiality, and privacy. Thus, GitProtect manages your organization's data in compliance with the SOC 2 standard mitigating your third-party risks.

Ransomware protection: GitProtect.io compresses and encrypts your data, which keeps it non-executable on the storage. This means that even if ransomware hits your backed-up data, it cannot be executed and spread on the storage. The authorization data for storage and GitHub (or Bitbucket and GitLab) are stored in the secure Password Manager, and in the case of on-premise instances, the agent receives them only for the duration of the backup. So if ransomware hits the machine our agent is on, it won't have access to authorization data and storage. Finally, even if ransomware encrypts your repo data, you can restore a chosen copy from the exact point in time and get back to coding immediately.

Encryption strength

GitProtect.io powered by Xopero ONE uses the Advanced Encryption Standard (AES) algorithm to encrypt data. AES is a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data. AES is considered unbreakable and is widely used by many governments and organizations.

Within GitProtect.io the user must provide a string of characters on the basis of which the encryption key will be built. This string is later saved in Secure Password Manager.

Available encryption settings:

Low - Forces the AES algorithm to work in OFB (OUTPUT FEEDBACK) mode with an encryption key of 128 bits.

Medium - as in the case of 'Low' encryption strength, the AES algorithm is run in OFB mode, but the key used by the encryptor is twice as long - it consists of 256 bits.

High - with this option selected, AES will work in CBC (CIPHER-BLOCK CHAINING) mode, and the encryption key is 256 bits long.
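The three settings above expressed as OpenSSL cipher names, as an added example that is not GitProtect.io's own code. The PBKDF2 key derivation, iteration count, passphrase and sample data are assumptions, since the page does not say how the key is built from the user's string. It shows that the OFB settings keep the ciphertext the same length as the plaintext, while CBC pads to a 16-byte block.

```bash
#!/bin/sh
# Added illustration: Low/Medium/High mapped to OpenSSL ciphers.
# Assumptions: PBKDF2 with 100000 iterations and a constructed passphrase.

cipher_for() {   # setting name -> OpenSSL cipher name
  case "$1" in
    Low)    echo aes-128-ofb ;;
    Medium) echo aes-256-ofb ;;
    High)   echo aes-256-cbc ;;
    *)      echo "unknown setting: $1" >&2; return 1 ;;
  esac
}

# encrypt_file SETTING PASSPHRASE INFILE OUTFILE
# "pass:" puts the secret on the command line (demo only);
# outside a demo, use -pass file:... or -pass env:... instead.
encrypt_file() {
  cipher=$(cipher_for "$1") || return 1
  openssl enc "-$cipher" -pbkdf2 -iter 100000 -salt \
    -pass "pass:$2" -in "$3" -out "$4"
}

# decrypt_file SETTING PASSPHRASE INFILE OUTFILE
decrypt_file() {
  cipher=$(cipher_for "$1") || return 1
  openssl enc -d "-$cipher" -pbkdf2 -iter 100000 \
    -pass "pass:$2" -in "$3" -out "$4"
}

file_size() { echo $(( $(wc -c < "$1") )); }

# roundtrip SETTING: encrypt a constructed 20-byte sample, check that it
# decrypts to the same bytes, then print the ciphertext size. The size
# includes OpenSSL's 16-byte "Salted__" + salt header.
roundtrip() {
  dir=$(mktemp -d) || return 1
  printf 'constructed-sample-1' > "$dir/plain"
  encrypt_file "$1" 'constructed passphrase' "$dir/plain" "$dir/enc" &&
    decrypt_file "$1" 'constructed passphrase' "$dir/enc" "$dir/dec" &&
    cmp -s "$dir/plain" "$dir/dec" && file_size "$dir/enc"
  rc=$?; rm -rf "$dir"; return $rc
}

for s in Low Medium High; do
  echo "$s -> $(cipher_for "$s"), ciphertext bytes: $(roundtrip "$s")"
done
```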

2. Storage & infrastructure security

GitProtect.io powered by Xopero ONE only relies on secure and compliant data center providers. Our customers’ data are stored in USA-based or EU-based best-in-class data centers, compliant with stringent security guidelines which offer 24x7 tech and network support. Independent third-party auditors certify that systems and processes comply with all the latest industry standards. Standards and certifications include:

ISO 27001 is the international security standard used to benchmark the protection of sensitive data. It encompasses organizational security policies, personnel security, physical and environmental security, systems and network security, and business continuity management.

EN 50600 is the first Europe-wide, transnational standard that provides comprehensive specifications for the planning, construction, and operation of a data center with a holistic approach.

EN 1047-2 standard describes an extensive test method for external fire exposure. It determines the protection of temperature- and moisture-sensitive data carriers and hardware systems in data rooms as well as containers.

SOC 2 Type II report is an internal controls report capturing how a company safeguards customer data and how well those controls are operating.

SOC 3 is a public report of internal controls over security, availability, processing integrity, and confidentiality.

FISMA compliance refers to data security guidelines set by FISMA and the National Institute of Standards and Technology (NIST). NIST is responsible for maintaining and updating the compliance documents as directed by FISMA.

DOD standard refers to compliance with all guidelines and regulations established by the American Department of Defense (DOD).

DCID is compliance with the Director of Central Intelligence Directive and refers to security practices used to protect highly classified intelligence information systems.

HIPAA compliance refers to a series of regulatory standards that outline the lawful use and disclosure of protected health information (PHI).

Other certifications: PCI-DSS Level 1 and PCI DSS compliant, ISO 50001, LEED Gold Certified, SSAE 16 compliant.

Data centers security

Our data center providers meet the highest standards of physical security to restrict unauthorized physical access and protect the safety of our customer data. Only authorized personnel have access to the data centers, based on 2FA, 24/7 monitoring by surveillance cameras, and strict access management - pre-authorized visitors only.

Focus security measures

  • External Perimeter fence with 24x7 CCTV monitoring and guard patrols,
  • Footage stored for 30 days,
  • Man traps to data hall,
  • 2-factor authentication (biometric/card),
  • Pre-authorized visitors only,
  • Visitor logs are kept for one year

Fire protection and suppression

  • 24×7 decentralized monitoring of M&E plant room & redundant systems,
  • Gaseous fire suppression and dry-pipe pre-action sprinklers,
  • Very Early Smoke Detection Apparatus (VESDA),
  • Sub-raised floor water detection system installed around CRAC units and along the perimeter of the room,
  • FM200 fire suppression,
  • Doors and partitions are rated for a minimum of 2 hours

3. GitProtect.io by Xopero ONE and the GDPR

The protection of personal data is very important to us - both in terms of data protection of our clients (as an administrator) and data stored by customers as part of backups (as a processor).

To provide our clients with the highest level of protection, we have implemented a number of tools to protect personal data, fully compliant with the high requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR).