Security is foundational to everything we do at Outline. You've entrusted us with your data, and we protect it as if it's our own. We have created a security model to ensure that your data is protected by the very best practices and tools in the industry.
Architecture & Procedures
- All of our infrastructure is hosted in AWS within a virtual private network. Our servers cannot be accessed via the public internet, except for those needed to proxy requests.
- All activity within AWS is monitored and logged using AWS Cloudtrail.
- We utilize security tools like AWS WAF, Shield, and GuardDuty.
- Prior to every deploy, our codebase is analyzed for security issues using NCC Group's Sobelow.
- Only people who need access, get access. No one is permitted to view your data without your permission.
- We enable encryption of all data both at rest and in transit over public networks.
- We create database backups every 24 hours and backups are retained for 30 days.
- We integrate to other services (like Salesforce) using OAuth2, and we never store your username and password for those services.
- Outline login passwords are hashed and salted using Argon2.
- We're in the process of obtaining our SOC 2 certification.
Bug Bounty Program
Outline's Bug Bounty Program is part of our commitment to increasing the security of all users at Outline. If you'd like to report a vulnerability, please email firstname.lastname@example.org.
We are in full support of data privacy regulations, such as GDPR, and we are committed to your privacy beyond compliance. We feel strongly that your data is your data, and it will never be used for mining or advertising purposes.
If you would like to exercise your privacy rights, you can send your request to email@example.com at any time.
We will provide you with a folder containing all of your data from Outline organized by data type. Notes will be sent in a markdown format.
Deleting your account will automatically deactivate it. After 30 days, all backups will be removed from our servers, and your data will no longer be recoverable.
We provide in-app functionality to modify your personal information such as first name, last name, and email.
Data collection practices are presented and granted consent upon sign up. Consent can be withdrawn at any time by submitting a deletion request.
If you have any questions or concerns, please contact firstname.lastname@example.org.