• security

Your code and collaboration data deserve the highest protection.

At Assembla, security and data protection come first. See how we help 1 million users in 100 countries manage their repositories and project data.
Verified by trusted security organizations.
AICPA SOC 2 Type II
Assembla passes rigorous annual evaluations of its internal controls, performed by third-party auditors, around data security, availability, integrity, and privacy.
GDPR
Assembla exceeds GDPR principles by always obtaining consent to collect data and implementing robust security measures with access controls. You can always erase personal information.
Privacy Shield
Assembla meets strict data protection requirements for all transfers of personal data between the European Union and United States.
  • INtegrations

Data protection at every layer.

Data Protection

Full encryption

Assembla stores data with AES 256-bit encryption and leverages SSL for all data in transit.

Passwords are never stored directly in the database.
Data Protection

In-house DevOps

Assembla’s DevOps team works 24/7/365 to continuously improve our data protection practices and continuously observe network access/traffic with real-time intrusion monitors.
Data Protection

Restricted production access

Access to production infrastructure is limited to VPNs with specific user accounts and credentials.



Physical security is provided by AWS staff in Ohio, USA; Frankfurt, Germany; or another region based on your managed hosting instance.
Data Protection

Protected APIs

Our developer API uses proven OAuth 2.0-based authentication methods like encrypted API keys and three-step authentication flows.
Data Protection

No compromise

No threat actor has ever compromised Assembla’s cloud infrastructure in more than 18 years in operation.
  • Covered

Disaster recovery is covered.

Geographic distribution
Assembla operates from multiple redundant facilities for performance, availability, and failover options in an outage or data loss scenario.
Hourly backups
On-demand backups to a public cloud provider is our first step in disaster recovery.
Replication
Multiple servers within the same data center replicate new or changed data in real-time.
Multiple failovers
We sync your code and collaboration data to a failover server in the same data center within 30 minutes, then to a disaster recovery cluster in a different region for the highest guarantees your data is safe.
Data retention
When you delete data, we retain copies for a month to allow for recovery of deleted repositories or project management assets.
Complete protection
For every bit written by you, we write it at least 16 more times for redundancy and backups.
  • INtegrations

Accessible features to help you solidify your security posture.

Easy audit reports
View reports of user activity like repository access, merge requests, pushes, and more and export in audit-friendly formats. 
Built-in static analysis
Enable Assembla’s vulnerability scanner to identify possible credential leaks and other security issues before they’re merged.
Multiple authentication options
Manage user accounts with AD/LDAP, then enforce single sign-on (SSO) using SAML 2.0, multi-factor authentication, and your trusted identity provider.
Advanced user controls
Advanced user controls
Limit access to projects and repositories based on user type, protect your branches by requiring multiple reviews, and configure notifications when anyone makes key changes to your source code.

Assemble a secure SCM+PM platform in less than a minute.

Let Assembla handle the DevOps complexity of a merged source code and project management platform. Focus your technical and creative talent on assembling your next big project.