RedShrew LogoREDSHREW

Security & Compliance

Last updated on July 24, 2025

Infrastructure and Network Security

Physical Access Control

RedShrew is hosted on Google Cloud Platform, benefiting from Google's state-of-the-art data center security, including multi-factor electronic access controls, surveillance systems with 24/7 monitoring, perimeter fencing and biometric verification, and intrusion detection systems. RedShrew personnel have no physical access to Google’s data centers.

Logical Access Control

RedShrew infrastructure access is restricted to authorized team members via secure two-factor authenticated VPNs. Server access requires unique private keys securely stored in encrypted storage.

Penetration Testing

RedShrew undergoes annual penetration testing by third-party security specialists. Testing is performed on isolated environments without exposing customer data. Vulnerability findings guide immediate remediation strategies, and penetration testing summaries are available upon customer request.

Third-Party Audit

RedShrew and Google Cloud Platform regularly participate in independent third-party audits, including SOC 2 (SSAE 18) and ISO 27001 certifications. Audit reports are available to customers upon request.

Intrusion Detection and Prevention

RedShrew leverages advanced IDS/IPS systems with both behavioral analysis and signature-based detection to continuously monitor and prevent threats. Our security team actively monitors alerts and swiftly addresses anomalous activity.

Business Continuity and Disaster Recovery

High Availability

RedShrew's infrastructure is designed with redundancy to ensure continuous availability. Regular maintenance is performed seamlessly without impacting platform uptime.

Business Continuity

Encrypted hourly backups of all customer data are securely stored across multiple geographical regions. These backups facilitate rapid restoration in rare cases of primary data loss.

Disaster Recovery

In case of region-wide service disruptions, RedShrew rapidly activates a duplicate environment in an alternative geographical region on Google Cloud Platform. Our operations team is highly experienced in executing region-wide recovery plans.

Data Flow

Data into System

RedShrew's sensors securely transmit detection events via encrypted channels. We strongly encourage proactive scrubbing of sensitive data and offer customizable scrubbing tools within our SDKs, recommending filters for passwords and secret keys, credit card numbers, session cookies, and authentication headers.

Data through System

Data transmission to RedShrew occurs exclusively via encrypted HTTPS/TLS connections, and data remains AES-256 encrypted both in transit and at rest.

Data out of System

Event data is securely accessible via the RedShrew user interface and APIs. Integration with third-party security and workflow management tools adheres to stringent security standards.

Data Security and Privacy

Data Encryption

All data stored in RedShrew’s systems is encrypted at rest using Google’s globally redundant Key Management Service. Encrypted data ensures robust security even in the unlikely event of physical breaches.

Data Retention

RedShrew retains customer event data by default for 90 days. Regular backups follow the same retention policies, and data beyond these periods is permanently deleted.

Data Removal

Upon subscription termination, customer data becomes inaccessible within 24 hours and is permanently deleted following the defined retention period. Customers can also request immediate data deletion via our support channels.

PII Scrubbing

RedShrew recommends customers avoid sending personally identifiable information (PII). Our Data Scrubber service proactively removes suspected sensitive data. Users can further customize scrubbing options in their project settings.

Application Security

Multi-Factor Authentication

RedShrew strongly encourages MFA usage, including security keys and TOTP apps, to enhance account security. User MFA status visibility helps customers manage internal security practices.

Single Sign-On (SSO) and SAML 2.0

RedShrew offers robust SSO and SAML 2.0 integrations, supporting streamlined authentication and automated account provisioning with providers like Azure Active Directory and Okta.

REST API Authentication

All data stored in RedShrew’s systems is encrypted at rest using Google’s globally redundant Key Management Service. Encrypted data ensures robust security even in the unlikely event of physical breaches.

Email Security

RedShrew employs SPF, DMARC, and DNSSEC policies to mitigate email spoofing and phishing threats. Detailed records and configurations are transparently available.

Audit Controls

RedShrew provides detailed audit logs of user and administrative actions, including timestamps and IP addresses, ensuring full visibility for security compliance and incident management.

Secure Application Development

RedShrew adheres to continuous delivery practices, including thorough automated testing, peer reviews, and rapid vulnerability remediation to minimize security risks.

Corporate Security

Malware Protection

RedShrew utilizes advanced Endpoint Detection and Response (EDR) and Mobile Device Management (MDM) tools on company devices, enforcing stringent security policies.

Risk Management

Following NIST SP 800-30 guidelines, RedShrew proactively conducts regular security risk assessments and implements stringent risk management procedures.

Contingency Planning

RedShrew maintains comprehensive contingency plans, regularly updated and rigorously tested to ensure swift response and resolution in any disruptive scenarios.

Security Policies

  • Access and Change Management
  • Data Security and Incident Response
  • Vendor and Vulnerability Management

Detailed security policy documentation is available to enterprise customers upon request.

Background Checks & Training

RedShrew performs extensive background checks for all employees, including identity verification, criminal record checks, and global watchlist screenings. Comprehensive security training is mandatory for all staff annually.

Vulnerability Disclosure

RedShrew welcomes vulnerability reports at security@redshrew.com, actively validating and promptly addressing identified issues. Regular security advisories are publicly available.

Compliance Certifications

  • SOC2 Type I & II
  • ISO 27001

Reports and certificates are available upon request.

Data Privacy

RedShrew adheres strictly to applicable data protection laws, offering a Data Processing Addendum detailing our privacy and compliance obligations.