Your Data Privacy at Judoscale: Commitment to Security and Protection

The data we collect from you and your application belongs to you. Your data will never be shared with a third party for promotional/marketing purposes. We will do everything in our power to keep your data private and secure.

Cookies

Cookies are required to use the Judoscale web interface. We store a small amount of data to keep your session authenticated while using the service.

Data storage

We use vetted and trusted third-party vendors to provide the necessary hardware, software, networking, storage, and related technology required to run Judoscale. We store aggregated request and job metrics for only a short window (a few days) before removing them.

Infrastructure and database security

Judoscale runs on Heroku, and our application database is fully managed by Tiger Data (formerly TimescaleDB). Data in that database is encrypted both in transit and at rest, and Tiger Data is SOC 2 compliant. Database credentials live in Heroku config (DATABASE_URL), so they stay out of source control. We do not use row-level encryption; instead, sensitive fields are encrypted at the application level before being written to the database.

Sensitive information

We mitigate risk by collecting as little sensitive information as possible. We do not collect or store credit card data, social security numbers, or your application’s user data. We do collect your email address, application name, and process information which we receive from the platform APIs (Heroku, Render, Railway, Fly.io, Amazon ECS), and we collect request/job metrics and relevant software version numbers through the available Judoscale client adapter packages/libraries.

We have no access to your application code or data.

Account access

Your Judoscale account can be accessed through Heroku SSO, or direct sign-in using an email address and password. Customer-managed MFA or SSO for direct sign-in is not available today.

Operational access controls

Access to our production infrastructure and managed database is limited to our two core engineers, and 2FA is required for both Heroku and Tiger Data.

Encryption

All data is encrypted via SSL/TLS when transmitted from our servers to your browser. Connecting to Judoscale requires TLS version 1.2 or newer. Tokens, API keys, and other sensitive account credentials are encrypted in the application before being stored, and account passwords are hashed with BCrypt.

Disclosure

Your data may be shared with law enforcement if — and only if — a court order says we have to, or when your actions violate the Terms of Service.