Security Overview

Compliance Accreditation

Shuttlerock is audited against the System and Organization Controls (SOC) 2 Type II compliance standard. If you would like to review a copy of the SOC 2 Type II audit report or ask any questions about our audit accreditation, please submit your request to security@shuttlerock.com.


Why is SOC 2 important?

SOC 2 Type II accreditation provides our customers and partners with assurances that our information security standards meet the relevant Trust Services Criteria (TSC): security, availability, processing integrity, confidentiality and privacy. 


The audit process is conducted and renewed annually so our customers and partners can trust our commitment to maintaining the standards and controls that we implement within the organisation.


What does the SOC 2 Type II audit process involve?

The audit is conducted by an independent third-party firm that has examined and evaluated our organisational standards to determine if the compliance controls meet the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) TSC.


The SOC 2 report describes Shuttlerock’s organisational system and assesses the fairness of our description of the controls we implement. The audit firm’s opinion evaluates whether our organisational controls are designed appropriately and performed effectively during the audit period.

How we protect your data

All the data we store about you is accessible only by Shuttlerock team members who need access to help you meet your goals and to provide customer support. The data we store is backed up daily and can be recovered in the event of a system failure.

At Shuttlerock your data is always yours. We do not sell your data, we comply with GDPR, and we will delete your data under GDPR requirements on request. To make a request please contact the team.

Secure encryption

All connections to and from our systems are performed over SSL/TLS and are protected by 256-bit encryption. This means that all sensitive data transmitted over the internet is secure and safeguarded.

All sensitive data stored in our database is encrypted using the AES256-GCM algorithm before being written to the database. All data is encrypted at rest.



Staying up and running

We know how frustrating system downtime can be. At Shuttlerock our goal is to make sure you can access our systems as and when you need them. 

Our commitment to this goal has guided us to develop an infrastructure environment that includes locating our servers in top-security Amazon data centres, which have been validated as providing Level 1 service under the Payment Card Industry (PCI) Data Security Standard (DSS), as well as being compliant with SOC 2 and ISO 27001 security practices. 

To ensure redundancy, our servers are located in geographically diverse locations. We strive to remove any single point of failure to provide a robust, high-availability system.

Any scheduled maintenance or planned downtime is announced ahead of time on our status page at status.shuttlerock.com. Please subscribe to email updates at the status site to receive the latest information. 

Protecting your billing information

Payment processing is performed by Stripe, which has been validated as providing Level 1 service under the Payment Card Industry (PCI) Data Security Standard (DSS). We do not (and will never) store your credit card information on our systems. 

See the Stripe security documentation for more details.

Day-to-day protection

We sanitize data submitted to us to keep our systems safe from attack. We use both internal and 3rd-party services to monitor our systems around the clock and alert operations staff instantly.

We operate under the principle of least privilege, restricting access unless necessary.

As part of our induction process, every member of the Shuttlerock team takes a security training course.

More information

Responsible Disclosure Policy
Terms of Use
Privacy Policy

If you have a question about how we stay safe and secure here at Shuttlerock, please get in touch.

Report a security issue

If you have any concerns, notice an exploit, or come across a problem, please report it to us. See our Responsible Disclosure Policy for more information.