Shipmuch
Sign InSign Up
Sign Up
Sign In

Security Policy

Last Updated: May 2026

1. Our Commitment to Security

At Shipmuch (operated by TORIS Technologies (Pty) Ltd), security is a core pillar of our deployment and infrastructure orchestration platform. We are committed to protecting the applications, code, variables, and workloads you trust us with.

2. Infrastructure & Hosting Security

  • Cloud Providers: Our systems are hosted on premium, secure cloud infrastructure providers (e.g., AWS, GCP) that maintain rigorous physical and network security standards.
  • Network Segmentation: Workloads deployed through Shipmuch are logically isolated using secure container orchestration, ensuring cross-tenant network isolation.
  • Firewalls & Encryption: All web traffic is encrypted in transit using industry-standard TLS (HTTPS). Internal service communications are encrypted and protected by strict access control firewalls.

3. Application & Deployment Security

  • Secret Management: Sensitive environment variables, registry credentials, and deployment keys are stored securely, encrypted at rest, and injected only at build or runtime.
  • OAuth Integrations: Connections to GitHub, GitLab, and registries are managed using official OAuth flows, granting limited-scope access tokens that can be revoked at any time.
  • Least Privilege Access: Access to backend systems, databases, and configuration control planes is strictly limited to authorized personnel on a need-to-know basis.

4. Monitoring & Incidents

  • We continuously monitor our infrastructure for performance, vulnerabilities, and unauthorized activity.
  • In the event of a security incident, our team will respond rapidly, isolate affected systems, and notify impacted users as soon as possible.

5. Vulnerability Disclosure

If you discover a security vulnerability in our platform, we request that you disclose it to us responsibly.

  • Please email reports to: security@shipmuch.com
  • Do not publicly disclose the vulnerability until we have had reasonable time to investigate and patch it.
  • Do not attempt to access other users' data, disrupt services, or perform destructive actions during your research.

6. Contact Information

For any security-related inquiries, audits, or reports, please reach out: