Assembla Security Statement

Assembla, Inc. (“Assembla”), is committed to respecting and protecting the privacy of its customers, partners and website visitors (collectively “You” or “Your”). For more information about our Privacy Statement, click

The security of your personal information is very important to Assembla. We use robust security measures, which encompass both technical and organizational security controls, to prevent data loss, information leaks, or other unauthorized data processing operations. For example, Assembla requires that its processors and sub-processors (collectively, “Vendors”) have implemented and maintain a security program in accordance with industry standards. Specifically, Assembla Vendors shall include the following in their security program:

I – System Access Control: Data processing systems must be prevented from being used without authorization. Vendors have implemented the following controls:

  1. implement measures to prevent unauthorized personnel from accessing data processing systems.
  2. provide dedicated user IDs for every authorized personnel accessing data processing systems for authentication purposes.
  3. assign passwords to all authorized personnel for authentication purposes.
  4. ensure that all data processing systems are password protected to prevent unauthorized persons from accessing any personal data: (a) after boot sequences; and (b) when left unused for a short period.
  5. ensure that access control is supported by an authentication system.
  6. have implemented a password policy that prohibits the sharing of passwords, outlines processes after a disclosure of a password, and requires the regular change of passwords.
  7. ensure that passwords are always stored in encrypted form.
  8. implement a proper procedure to deactivate user accounts when a user leaves the processor (or processor function).
  9. implement a proper process to adjust administrator permissions when an administrator leaves the processor (or processor function).
  10. Assembla uses Amazon Web Services to store customer source code and data:
    • Amazon datacenter in Ohio, USA.
    • Amazon datacenter in Frankfurt, Germany.
    • Another AWS region could be used on customer’s demand for single-tenant offering.

II – Data Access Control: Persons entitled to use a data processing system shall gain access only to the data to which they have a right of access, and personal data must not be read, copied, modified or removed without authorization in the course of processing or use and after storage. Vendors have implemented the following controls:

  1. ensure that personal data cannot be read, copied, modified or removed without authorization during processing or use and after storage.
  2. grant data access only to authorized personnel and assign only the minimum data permissions necessary for those personnel to fulfil their duties.
  3. ensure that the personnel who use the data processing systems can access only the data to which they have a right of access.
  4. restrict access to files and programs based on a "need-to-know-basis".
  5. store physical media containing personal data in secured areas.
  6. have measures in place to prevent use/installation of unauthorized hardware and/or software.
  7. have established rules for the safe and permanent destruction of data that are no longer required.

III – Credit Card Data: Assembla does not store or receive any kind of credit card data other than a reference token that allows us to create payments with our payments provider Stripe, a PCI Level 1 certified payments provider. Please refer to their security policy for more details:

In addition, Assembla requires its Vendors (i) to maintain a list of subprocessors that may process the Personal Data of Vendor’s, and make such list available to Assembla; and (ii) to require all subprocessors to abide by substantially the same obligations as Vendor under the Assembla Data Processing Agreement for Vendors.

Assembla incorporates encryption, incident management, network and system integrity, and availability and resilience requirements into its security program.

Assembla uses standard security protocols and mechanisms for the transmission of sensitive data such as credit card details. When you enter sensitive personal information such as your credit card number on our site, we encrypt it using Secure Sockets Layer (SSL) or Transport Layer Security (TLS) technology.

In the event that your personal information is acquired, or is reasonably believed to have been acquired, by an unauthorized person and applicable law requires notification, Assembla will notify you by e-mail or mail. Assembla will give you notice promptly, consistent with the reasonable needs of law enforcement and/or Assembla to determine the scope of the breach and to investigate and restore the integrity of the data system.

If you have additional questions about privacy, please contact us at [email protected]