Last updated on June 12, 2024

Security & Backups

ServeManager is engineered and architected from the ground up with security and data integrity as a top priority.

SOC 2 Compliance

We're proud to announce that ServeManager is now SOC 2 compliant, further reinforcing our commitment to the highest standards of security. SOC 2 compliance is a testament to our unwavering dedication to safeguarding user data. If you wish to delve deeper into our SOC 2 report, please contact us. Note: We may require an NDA before sharing the report to protect sensitive information regarding our security posture. For a comprehensive look at the benefits of our SOC 2 compliance, check out our detailed blog post.

SOC 2 Type 1 Compliance Certification

Application

All requests to the ServeManager web application are transmitted over a secure HTTPS connection. This ensures the highest level of security, using advanced encryption methods to protect your data, similar to the standards used by financial institutions.

Database & Backups 

Only authorized individuals can access data. Access to our database is restricted to secure connections and is password protected. Users' passwords are stored with bcrypt (one-way salted hashing) and are unrecoverable even in the unlikely event that the database is compromised. Daily database backups are archived in perpetuity and available for restoration if something cataclysmic were to happen. The database is encrypted at rest, so if physical hardware were compromised the data would be unreadable.

File Uploads & Attachments

Documents uploaded to ServeManager are protected by server-side encryption and private URLs. They are accessible only through an authenticated user request made from ServeManager. All uploaded documents are backed up and versioned, so even in the unlikely event that a file gets overwritten, the previous version can be restored. Encryption at rest also protects the data in the event of a physical compromise.

Codebase

ServeManager is written with Ruby on Rails, a web application framework (see the Ruby on Rails Security Policy). We run the latest version of the language and framework with the most up-to-date security patches available.

Our codebase features a comprehensive test suite that helps ensure features function as expected and improvements can be made with confidence. In the software development industry, this technique is referred to as "Test Driven Development (TDD)." It is widely regarded as the most effective way to develop and maintain quality software.

The codebase is version controlled with git and is securely stored in a private repository on GitHub (see the GitHub Security Policy).

Physical

Application servers are run on Heroku (see Heroku's Security Policy).

Heroku is built on top of Amazon Web Services (see the Amazon Web Services Security Center).