Security at Split
Split follows extensive practices to track and protect your data as it moves through our services.
Split Security Practices
To learn more about Split’s security practices, view our help documentation or download our Split Security Primer by clicking below.
Secure data encryption
Split employs SSL encryption in transit, with default communications handled over TLS 1.2 security. Split keys and secrets are stored using the Amazon AWS Key Management Service, and login tokens are salted and encrypted for increased security.
Infrastructure security
Split’s production servers are hosted in AWS and subject to all of Amazon’s cloud security protocols. Split’s policies provide limited access to its production environment. Separate staging and production environments are utilized, and main datastore backups occur daily.
Recurring security testing
A third party assesses the security of the Split web application semi annually. Split addresses any findings from this assessment according to the risk they pose to the security of the Split service.
You own your customer data
You have complete control over what data is sent back to Split. No user identifiable data is retained by default as sharing sensitive user data is not required to target features controlled by Split end users.
Two-factor authentication and single sign-on
Split accounts provide two-factor authentication, and administrators can view the 2FA status of any user at any time. Single sign-on is available via SAML and Google account sign-in.
Industry-standard access controls
Role-based access controls, managed via groups, allow administrators to set permissions by-environment and by-feature for individuals and teams.
Frequently Asked Questions
Is your data encrypted? Do you have a backup plan? How are passwords stored?
Find answers to our top questions.
Create Impact With Everything You Build
We’re excited to accompany you on your journey as you build faster, release safer, and launch impactful products.