Security

Connect Cloud Security FAQs

Infrastructure

Where is your platform hosted?

Our software, systems, and customer data are stored securely in Amazon Web Services (AWS).

In what AWS region?

AWS us-east-2

Can we choose a different region for our account?

No. However, you can choose to store your own data in buckets (e.g., Amazon S3) or databases (e.g., Amazon Redshift) located in your desired data center regions and restrict the type of data pulled into your applications and documents deployed to Connect Cloud.

What happens to our data if there is a catastrophic event to your server?

Customer data is stored redundantly across multiple availability zones in the AWS us-east-2 region.

Is it a single or multi-tenant solution?

Multi-tenant

How confident are you that other customers won’t be able to access our data?

Each customer’s data is logically separated and strictly isolated using Role-Based Access Control (RBAC).

Encryption

Is data encrypted in transit?

Yes, all communication between a user’s browser and Connect Cloud is encrypted using Transport Layer Security (TLS 1.2+). Additionally, all client-side communication, including session information (IDs/tokens) and user input, is validated server-side.

Do you have encryption at rest?

Yes. Where data is stored at rest, Posit employs AES-256 encryption.

Do we get our own encryption keys?

No. We manage the keys.

Internal Controls

Who at Posit has access to the production environment?

We follow a least privilege access security model. Only team members with a legitimate business need have access to the production environment. This includes engineers who provide 24/7 on-call support. Please note that our production environment is fully isolated from our staging and development environments and that access by Posit engineers is performed using Multi-Factor Authentication.

How do you ensure the security and trustworthiness of your personnel and their devices?

All employees are required to complete security training annually and are subject to a code of conduct. Background checks are performed for appropriate company roles. Employee workstations are secured with MDM to patch operating systems and installed applications, require strong passwords, ensure malware protection, and encrypt local storage.

What internal controls do you have in place to ensure secure and reliable software development?

  • Code Reviews: Code quality and peer validation
  • Software Composition Analysis: Software dependency vulnerability management
  • Static Code Analysis: Vulnerability detection early in development
  • Unit & Integration Testing: Functional correctness
  • 3rd-Party Penetration Testing: Independent validation of security posture

Can you share externally conducted security reports with us?

Yes. We can share security reports after an NDA is signed.

Data Connections

How can we securely connect to data sources?

  • Flat files: Use our encrypted secret variable management to connect with bucket storage systems such as Amazon S3.
  • Databases: Use our encrypted secret variable management to store database credentials.
  • IP Allowlisting: For added security, you can add our product’s static IP addresses to your allowlist, allowing only trusted traffic to flow between your infrastructure and our services.

Can our content use external APIs?

Yes, by using our encrypted secret variable management to store the appropriate keys.

Data Privacy

How do you handle user data privacy, ownership, and deletion?

Users own their data and can request deletion at any time as described in our Privacy Policy. Users can delete their accounts at any time from within Connect Cloud.

How do you minimize the use of customer data for internal purposes such as development and testing?

We follow a strict data minimization process. Only anonymized or synthetic data is used in development and testing.