Security

Compliance

Is BuildJet SOC2 Compliant?

BuildJet is not yet SOC2 compliant, but we plan to start the process this year. While we cannot provide a specific timeline, please email us at contact@buildjet.com to express your interest, and we will notify you when we achieve SOC2 compliance.

Custom Security Questionnaire

At BuildJet, we are dedicated to providing top-notch security for our customers. While we do not have the resources to answer custom security questionnaires, we offer a standard security questionnaire that you can purchase for a one-time fee of $500. We'll provide a Google Vendor Security Assessment Questionnaire (VSAQ), which is a recognized industry standard that covers a wide range of security topics.

To learn more, please email us at contact@buildjet.com.

Security Measures

Data Isolation and Protection

BuildJet uses virtual machines (VMs) to securely isolate your data from other users. Specifically, we use KVM, a trusted VM technology built into the Linux kernel and utilized by millions of developers worldwide. We also implement strict rules around authentication, encryption, and other security measures to prevent unauthorized access to our systems.

One-Time Token Authentication

To authenticate GitHub's self-hosting software and ensure it runs the appropriate workflow, we create a one-time token for each customer requesting a workflow when the VM is created. This token can only be generated by our master token, which is secured in an isolated VM and only accessible by a single person within the company.

Trusting BuildJet with Your Data

To protect your data, BuildJet employs several security measures:

  • Your data is stored on our secure servers.
  • All communication is encrypted.
  • Access to our servers is strictly controlled and audited.
  • Your code is never saved on our servers after a job is completed.

We pledge to keep your code secret and not access it ourselves. Your code will never be sold, and we understand that earning your trust is an ongoing process.

Data Separation from Other Users

Our use of KVM-based virtual machines ensures that your data remains separate from other users' data. Our strict security measures prevent unauthorized individuals from observing or accessing your data.

Log Retention

We retain metadata logs containing information about CI jobs, including the initiator, start time, duration, and selected hardware. This data helps us understand our business performance over time.

Data Storage After Job Completion

We do not store your code and secrets after a job is completed.

How can I report a security vulnerability?

For details on how to report security issues, please refer to our security.txt.