StackImpact agents are standard application packages that run as a part of application process. Agents only use outbound connections to API at
agent-api.stackimpact.com. Agents do not listen on any port, do not communicate with other processes and do not implement any externally initiated actions.
The communication between agents and servers is encrypted using TLS and a valid certificate. Agents must authenticate using an agent key. The agent key is only available in the Dashboard and can be reset at any time.
The Dashboard does not directly implement 2FA. It supports GitHub authentication via OAuth. Users can be securely authenticated using 2FA-enabled GitHub accounts.
Communication between StackImpact agents and servers as well as browsers and servers is always encrypted with TLS using a valid, up-to-date certificate.
StackImpact does not process or store any payment information. The subscription billing is handled by Recurly, a PCI DSS Level 1 compliant payment provider.
Vulnerabilities, security issues or concerns can be directly reported at firstname.lastname@example.org.