Overview
Rockhopper is a version control and collaboration platform for spreadsheets, built for finance and accounting teams that work with sensitive financial data every day. Security, data integrity, and privacy are foundational to how the platform is designed and operated.
Security principles
Minimal data access. Rockhopper only requests the permissions necessary to read and write the files you choose to enroll. We don't scan, index, or analyze spreadsheet contents beyond what's needed for change tracking.
Encryption everywhere. All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Authentication tokens are held in memory only — never persisted.
Isolation by design. Production and staging environments are fully separated at the network level. Each infrastructure component runs with its own firewall rules and the minimum required exposure.
Audit-ready. Every data mutation is logged with the acting user's identity, the resource affected, and a timestamp. This audit trail supports SOC 2 compliance requirements.
No credential storage. Rockhopper delegates all authentication to Microsoft Entra ID (Azure AD) and Google Identity. We never store user passwords or authentication credentials.
Compliance
Rockhopper is actively pursuing SOC 2 Type II compliance. Our security controls, data handling practices, and operational procedures are designed to meet the Trust Services Criteria for Security, Availability, and Confidentiality.
What's in this section
Platform components, cloud infrastructure, and integration approach
What data we store, how long we keep it, and how to request export or deletion
How data is protected in transit and at rest
Network isolation, SSL/TLS, and web application firewall
Infrastructure access, application-level authorization, and audit logging
Logging, alerting, backup strategy, and disaster recovery
Exact API permissions requested and why
Contact
Security and privacy inquiries
General support
Last updated