Security

Your data is safeguarded.

Security is our highest priority.

  • GDPR & SCC for data transfers
  • SOC 2 Type II report
  • SSOSAML, AD
  • SCIM provisioning

Enterprise leaders trust their data with Stack Overflow for Teams:

Security is the foundation of our platform.

See how we keep your data secure, so your teams can stay productive and innovative.

Separate databases —
just for you.

Our product was designed to ensure your data is logically isolated into its own SQL schema and stored in separate databases accessible only by requests from your team.

Encryption keeps your data safe.

All customer data is encrypted when in transit over public networks and within our network between the private Teams network zone and the rest of our infrastructure.

Ensure your internal knowledge remains private and secure.

Easy access control with Single Sign-On

Available on all paid tiers, SSO allows organizations to control access using an existing Identity Provider (IDP).

Automated user provisioning

SCIM 2.0 allows an Identity Provider to update the application with the user’s activation status (Active/Deactive) and/or permission (Admin/User).

Built on ISO 27001 framework

Our robust information security program is built on the reputable ISO 27001 framework. Access to our Information Security Policy can be provided with a signed NDA.

SOC 2 Type II certification

Available for our hosted Enterprise version of Stack Overflow for Teams, our SOC 2, Type II report attests that the controls we put in place match established and trusted requirements.

See why thousands of companies trust us to keep their proprietary info safe.

G2 review site logo
Named in four of G2’s lists of Best Software for 2022!
4.5/5

Frequently Asked Questions

General security measures for our knowledge management software.

General security measures

What is the difference between hosting yourself or in the Stack Overflow Enterprise Managed Cloud?

If you decide to host data in your own data center, this changes who has physical access to the servers.

Is client data encrypted?

The Stack Overflow Enterprise application requires the use of HTTPS in order for our clients to communicate with the site.

Who has access to login details?

Stack Overflow doesn’t store usernames or passwords that are owned and managed by your organization because we require you to configure a SAML 2.0 Identity Provider (IDP) in order for users to access the site. To successfully log in with an account from a configured SAML 2.0 IDP, we require a unique ID, an email, and a full name.

Which Security certifications do you have on an organizational level?

We operate according to GDPR and we also have a SOC 2 Type II report.

Security measures for hosting on your own premises

Where is Stack Overflow Enterprise Customer Data stored?

With Enterprise you have a choice between hosting the application in your own data center or cloud service.

Azure cloud security measures

Where is Stack Overflow Enterprise Customer Data stored?

For the Enterprise Cloud option, we use Microsoft Azure Cloud, which means you’ll have world class infrastructure and security of that platform as your backbone, which includes SOC II and ISO27001 certified infrastructure.

How do you separate my Team’s data from public Stack Overflow data?

Each Enterprise instance of Stack Overflow for Teams is isolated in its own Virtual Network within our Azure Cloud Subscription. This means that the infrastructure for your Team is not shared among our customer base and we provision each customer’s infrastructure in such a way that traffic and data never cross customer boundaries.

Can issues on other Enterprise clients instances affect my data?

No. The whole infrastructure is set up to isolate applications, networks, and ultimately your data from other customers. We provision a separate Virtual Network in our Azure Cloud Subscription for each customer.

What encryption is used on Azure?

For Cloud Hosted, we utilize SQL Transparent Data Encryption (TDE) to encrypted data at rest. Data in transit is encrypted using TLS 1.2 using a SHA256 certificate with a 2048-bit key.

Who has admin access at Stack Overflow?

Access is restricted to Site Reliability Engineers for Stack Overflow Enterprise who have been trained on the information security policies and guidelines in place. This includes guidelines for Data Loss and Leakage Prevention which aim to prevent customer data from ever leaving your provisioned resource group in our Azure Cloud subscription.

Where can I learn more about Azure Cloud?

Since we run and manage the Stack Overflow Enterprise Managed Cloud service through a SOC II and ISO27001 certified Azure Cloud, you can learn all about it in detailed specifications published by Azure Cloud on the security of its public cloud platform and infrastructure.