When users grant your application permission to act on their behalf, security is paramount. Here’s how we protect your users’ data and access.

User Sessions & Access

We handle user sessions with extreme care:

  • We don’t store usernames or passwords
  • Only encrypted session data is stored
  • Developers can delete user sessions at any time
    • End users can revoke access at any time by logging out of their account (the same way you can revoke a session on Netflix, LinkedIn, etc.)
  • Time-limited access for sensitive operations

Infrastructure Security

Your integrations run on enterprise infrastructure:

  • Secure, scalable AWS and Kubernetes infrastructure
  • Infrastructure managed as code for consistency and security
  • 24/7 monitoring and alerting

Access Controls

We protect access to our infrastructure through:

Authentication & Authorization

  • Role-based access following the principle of least privilege
  • Single Sign-On (SSO) for authentication
  • Extra approval required for privileged access

Data Protection

We safeguard integration data through:

Encryption

  • All data encrypted at rest
  • TLS 1.2 for data in transit
  • Enterprise password management for secure credential handling

Development Security

Our development process protects your integrations:

  • Code hosted on GitHub with mandatory review
  • Automated continuous integration and testing
  • Branch protection rules
  • Change management: Infrastructure changes go through the same review process as application code

Our Approach

We take security seriously because your users trust you, and you trust us. Questions about our security practices? Reach out to the Anon team at support@anon.com.