Last updated: March 2026
GitKraken.dev encrypts all data in transit (TLS) and at rest (AES-256). This page describes what data GitKraken.dev collects, where it is stored, and how it is secured for each cloud service. This applies to GitKraken cloud organizations only; On-Premise deployments manage data locally. SOC 2 reports are available for Business and Enterprise customers through the Trust Center.
What data does GitKraken.dev collect and how is it secured?
| Service | What information are we collecting | How is this information secured in the transfer | Where is this information stored | How is this information secured in storage |
|---|---|---|---|---|
| Workspaces/Insights | Repo meta-data issues/PR’s | Encrypted with TLS | MongoDB Atlas | Encrypted at rest (AES-256) |
| Teams & Users | Repo-relative file paths, number of lines changed, name of branch currently checked out, first commit SHA of the repository | Encrypted with TLS | MongoDB Atlas | Encrypted at rest (AES-256) |
| Subscriptions | Billing info: lastFour, name, type (credit card, paypal, ach…), zip, country, creditCard type (mastercard, visa…) | Encrypted with TLS | MongoDB Atlas | Encrypted at rest (AES-256) |
| Launchpad | Storing meta-data for issues/pull-requests/URLs | Encrypted with TLS | Postgres (RDS) | Encrypted at rest (AES-256) |
| Cloud Patches | Info related to the patch (repo name/URL/provider/base branch name/etc.) + the patch content itself. | Encrypted with TLS | Patch info is stored in a Postgres database, patch content is stored in AWS S3. | SSE-S3, which uses 256-bit Advanced Encryption Standard (AES-256) |
How to request a SOC 2 report
GitKraken and its tools are SOC 2 certified. To request a copy of the SOC 2 report, visit the Trust Center to start the request process. An MNDA (Mutual Non-Disclosure Agreement) is required before the report can be shared. Any member of a Business or Enterprise organization can initiate the request.
SOC 2 reports are only available for Business and Enterprise customers.
