Overview
Rockhopper is a version control and collaboration platform for spreadsheets, built for finance and accounting teams that work with sensitive financial data every day. Security, data integrity, and privacy are foundational to how the platform is designed and operated.
Security principles
Minimal data access. Rockhopper only requests the permissions necessary to read and write the files you choose to enroll. We don't scan, index, or analyze spreadsheet contents beyond what's needed for change tracking.
Encryption everywhere. All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Authentication tokens are held in memory only — never persisted.
Isolation by design. Production and staging environments are fully separated at the network level. Each infrastructure component runs with its own firewall rules and the minimum required exposure.
Audit-ready. Every data mutation is logged with the acting user's identity, the resource affected, and a timestamp. This audit trail supports SOC 2 compliance requirements.
No credential storage. Rockhopper delegates all authentication to Microsoft Entra ID (Azure AD) and Google Identity. We never store user passwords or authentication credentials.
Compliance
Rockhopper has completed a SOC 2 Type II audit covering the Security and Confidentiality trust service categories. The examination was performed by Laika Compliance LLC for the period January 1 to June 30, 2025 and resulted in an unqualified (clean) opinion with no exceptions.
Our security controls, data handling practices, and operational procedures are independently verified against the AICPA Trust Services Criteria. We also conduct annual independent penetration testing and maintain a formal Information Security Policy that is reviewed and approved annually.
The full SOC 2 Type II report is available to current and prospective customers under NDA. Contact [email protected] to request a copy.
What's in this section
Platform components, cloud infrastructure, and integration approach
What data we store, how long we keep it, and how to request export or deletion
How data is protected in transit and at rest
Network isolation, SSL/TLS, and web application firewall
Infrastructure access, application-level authorization, and audit logging
Logging, alerting, backup strategy, and disaster recovery
Exact API permissions requested and why
SOC 2 attestation, penetration testing, vulnerability management, and security governance
Contact
Security and privacy inquiries
General support