Trust Center

CircleCI

CI/CD is the foundation of engineering productivity and speed. At CircleCI, we know that a team’s velocity must go hand in hand with building securely. World-class engineering teams don’t sacrifice security for speed, but rather, choose platforms like CircleCI that deliver both.

Our product philosophy for our customers has 8 pillars:

  • Security for All: We believe that security features should be accessible to all customers, regardless of their plan level.
  • Unobtrusive Security: We design security features to be intuitive and easy to use; above all, they must not interfere with the user experience.
  • Secure by Default: We build secure defaults out of the box.
  • Traceability: We believe visibility can drive accountability.
  • Store of No Value: We strive to minimize the amount of valuable or sensitive data stored.
  • Fail Securely: When we fail, we fail in a secure way.
  • Least Privilege: We grant users and systems only the minimum level of access necessary to perform their intended functions.
  • Complete Mediation: We ensure that all user actions are fully authorized and authenticated at all times.

We are constantly evaluating how we can improve both our internal security posture and the security we deliver to our customers. We invite questions and conversations about security at CircleCI and look forward to working with you to improve the security of the software ecosystem as a whole.

For customers interested in signing a Data Processing Addendum with CircleCI, you can sign our DPA here.

compliance@circleci.com
Privacy Policy

Resources

CircleCI Certificate of Liability Insurance
CircleCI Secure Software Development Attestation
US federal government-mandated form to self-attest adherence to minimum secure software development requirements for software used by federal agencies. Software providers use this form to attest that the software they produce is developed in conformity with specified secure software development practices.
Third Party Pen Test Confirmation
CircleCI PCI DSS v4.0.1 ROC AOC Service Providers
Self-attestation of alignment to PCI DSS 4.0.1 where applicable to CircleCI's product offering.
SOC 2 Exception Resolution
Attested document detailing the resolution of exceptions noted in the CircleCI SOC 2 report.