We use a small number of cookies to keep you signed in and, with your permission, to understand how the product is used so we can improve it. See our privacy policy.
Releasedog stores release notes, not secrets. Still, we treat every byte like it matters — because your work does. Here's how we keep it safe.
last updated: June 5, 2026
All traffic uses TLS 1.3. Data is encrypted at rest with AES-256 via our managed Postgres provider.
Hosted on Vercel with Neon Postgres. Automatic scaling, DDoS protection, and region-pinned data.
Optional TOTP 2FA with any authenticator app (1Password, Authy, Google Authenticator) plus one-time backup codes. Sessions use rotating tokens, bcrypt password hashing, and rate-limited sign-in.
Admin access is gated by SSO and audited. No engineer accesses production customer data for debugging.
Errors, anomalies, and sign-in patterns are tracked in real time. On-call engineers get paged within minutes.
Each workspace lives on its own subdomain with scoped queries. No workspace can read another's data, ever.
We're a small team, so we pick battles carefully. These are the ones we fight by default.
Think you found something? We appreciate responsible disclosure. Email us and we'll respond within one business day.
security@releasedog.comWe publish real-time status and historical uptime. If something breaks, we post about it there first.
View status pagethis page is a living document — we update it as we ship