Security @ Endgame

Security @ Endgame

At Endgame, it is our priority to protect the privacy and security of your and your customers' data. We address this responsibility through a security and privacy by design methodology and by following to industry-leading standards. Please view our Trust Site for details and to request access to our reports/evidence.

SOC 2 Compliance

Endgame has completed SOC 2 Type II Certification. In addition to regular audits of our policies and procedures, we partner with Drata for continuous monitoring of our compliance.

Our report is available upon request under NDA to current and prospective customers. Visit ouror speak with your Account Executive, to request access.

GDPR/CCPA

Endgame is compliant with both GDPR and CCPA. Our list of sub-processors we work with and the purpose for why we use their services is kept current and available on our trust site. We have a Data Processing Agreement (DPA) available upon request.

For data deletion requests, please email the details of the request to privacy@endgame.io.

Disclosure

Endgame believes in responsible disclosure. Our Vulnerability Disclosure PolicyVulnerability Disclosure Policy (VDP) covers the details, but if you notice a security issue or concern we want to hear from you at security@endgame.io. We do not currently have a bug bounty program.

Open Source Stance

Endgame evaluates libraries on a case-by-case basis, but our default stance is to allow non-invasive licenses approved by OSI.

A comprehensive library report is available upon request under NDA to current and prospective customers. Email us at support@endgame.io to request.

Generative AI

Endgame leverages OpenAI Enterprise as a sub-processor for text summarization and natural language interaction processing. No data sent to OpenAI is used for training purposes.

OpenAI consistently meets or exceeds our rigorous standards for third-party vendors, including SOC 2 Type II certification and GDPR/CCPA compliance.

Additional Information

  • Endgame availability is reported at https://status.endgame.io/
  • You can request access to our latest security artifacts at our trust site.
  • We are currently hosted on GCP in the US-Central1 region
  • Data encrypted at rest (AES256) and in transport (HTTPS/TLS)
  • Zero knowledge Endgame API keys (we only store a hashed value for your key)
  • Auth0 managed authentication/authorization. This includes support for SSO/SAML
  • We follow the principle of least privilege for employee access to production environments and data
  • We perform constant vulnerability scanning on dependencies and container images
  • We undergo Third-Party Penetration Test and Security Review at least annually
Vulnerability Disclosure PolicyVulnerability Disclosure Policy