Data privacy concerns

[John Hannah]

Hi, I’ve had a client express reservations about me using Gitpod due to privacy/data security concerns. Aside from what’s in the terms of service are there any resources that might provide more confidence? I was on the verge of buying an unlimited subscription when I did a demo of Gitpod and the concern was raised immediately. I’m wondering about encryption of files at rest, that sort of thing. I guess basically, how can a company have confidence that their source code is secure, even from Gitpod employees? Or is Gitpod not good for that use case?

[John Hannah]

Just following up here. I hope my original comment didn’t appear to be insincere or sarcastic. My question is a sincere one. I’m looking for help in understanding what the limits of the Gitpod service is with regard to data privacy and how to discuss with clients who may have concerns about the security of their code.

Hi @john-hannah, thank you for raising an important concern and sorry for the late reply – I wanted to confirm a few things with the team first (and in particular with our Data Protection Officer in accordance to the GDPR).

Here is what we can guarantee in terms of data privacy:

All Gitpod data lives and stays in Google Cloud: active workspaces run in Kubernetes clusters with modern security policies, and all other data is encrypted at rest in Google Cloud Storage.

Access tokens are encrypted both in-flight and at rest.

Deleting a workspace removes all data from our system immediately (there is no retention beyond this point, i.e. workspace data and any backups are lost forever).

Gitpod operators can technically look at workspace data, but internal Gitpod policy forbids it unless there is strong suspicion of our rules of Fair Use being violated (see Terms of Services), or there is a support case where a user asks for admin intervention. Also, any admin access is logged and cross-verified where possible.

We take data privacy and security very seriously, so if you have any question, suggestion or concern not covered by these guarantees, please let us know (for security concerns, please email directly). For example, if any of your clients require us to pass certain certifications, we’ll be happy to see what we can do.

(Also, we should probably back these guarantees with additional references, and add them to our documentation.)

[John Hannah]

Thank you so much Jan! This is a thoughtful and detailed response and it is much appreciated. It reassures me that Gitpod is a suitable option and I’ll be sure to pass your reply along to my client.

That sounds great, thanks a lot @john-hannah! Please do let us know if there is anything else we can help you with or improve on our side

[John Hannah]

@jan Something else has indeed come up. I know Gitpod is from Germany. My client has concerns about having data located outside of the US. How does that work with Gitpod? Is there a way to assure US customers have their data in the US for regulatory reasons?

@john-hannah So Gitpod currently operates in three regions: US, Europe, Asia-Pacific. Workspaces are created and stored in the region closest to you (you should see something like ws-us in your workspace URL), and its data doesn’t leave unless you access your workspace from another region (e.g. you’re traveling to Asia, or using a VPN that comes out in Europe, or you share a Snapshot with a European colleague).

However, our database is constantly synced between all regions, so some data (e.g. metadata and account info) will travel. The only sure-fire way to ensure that none of your data travels is to use Gitpod Enterprise, which can be deployed on any infra of your choice. Hope this helps!

[John Hannah]

Thank you @jan!

Hi, I have a related question. Can you discuss the security situation for terminal logs? For example, are Gitpod employees ever able to view terminal logs from a workspace? Do the logs ever get stored anywhere? If so, where and for how long? Any other helpful info here? There may ocassionally be sensitive information in our terminal logs, and I want to understand what the potential risks are.

Thanks! - Blake