StackImpact product security information.


StackImpact agents are standard application packages that run as a part of application process. Agents only use outbound connections to API at Agents do not listen on any port, do not communicate with other processes and do not implement any externally initiated actions.

The communication between agents and servers is encrypted using TLS and a valid certificate. Agents must authenticate using an agent key. The agent key is only available in the Dashboard and can be reset at any time.


The StackImpact Dashboard is single-page application that securely communicates with the Dashboard API. The Dashboard is hosted on Linode. Linode is a HIPAA compliant cloud hosting provider.

The Dashboard does not directly implement 2FA. It supports GitHub authentication via OAuth. Users can be securely authenticated using 2FA-enabled GitHub accounts.


Communication between StackImpact agents and servers as well as browsers and servers is always encrypted with TLS using a valid, up-to-date certificate.


StackImpact does not process or store any payment information. The subscription billing is handled by Recurly, a PCI DSS Level 1 compliant payment provider.

Vulnerability Disclosure

Vulnerabilities, security issues or concerns can be directly reported at