Security & privacy
Authentication
- Passwords should be unique and strong; use a password manager.
- Single sign-on (SSO) may be required by your employer — follow their IT policies.
- Session — Sign out on shared devices.
Access control
- Repository roles limit who can read or change resources.
- Organization admins can remove members or change access; review audit logs if your plan includes them.
Data handling (high level)
- Customer content (repositories, resources, marketplace listings) is stored to provide the service.
- Metadata (names, emails for billing) is used for account and compliance needs.
For DPA, subprocessors, or regional hosting questions, contact legal or support using the channel your contract specifies.
Reporting issues
If you discover a security vulnerability:
- Do not post exploit details publicly first.
- Contact security through your vendor’s published security.txt or support escalation path.
- Include steps to reproduce and impact without exfiltrating others’ data.
Privacy rights
Depending on your region you may have rights to access, correct, or delete personal data. Submit requests through the privacy or support contact published for your deployment.