# Overview

Rockhopper is a version control and collaboration platform for spreadsheets, built for finance and accounting teams that work with sensitive financial data every day. Security, data integrity, and privacy are foundational to how the platform is designed and operated.

## Security principles

**Minimal data access.** Rockhopper only requests the permissions necessary to read and write the files you choose to enroll. We don't scan, index, or analyze spreadsheet contents beyond what's needed for change tracking.

**Encryption everywhere.** All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Authentication tokens are held in memory only — never persisted.

**Isolation by design.** Production and staging environments are fully separated at the network level. Each infrastructure component runs with its own firewall rules and the minimum required exposure.

**Audit-ready.** Every data mutation is logged with the acting user's identity, the resource affected, and a timestamp. This audit trail supports SOC 2 compliance requirements.

**No credential storage.** Rockhopper delegates all authentication to Microsoft Entra ID (Azure AD) and Google Identity. We never store user passwords or authentication credentials.

## Compliance

Rockhopper has completed a **SOC 2 Type II** audit covering the **Security** and **Confidentiality** trust service categories. The examination was performed by Laika Compliance LLC for the period January 1 to June 30, 2025 and resulted in an **unqualified (clean) opinion with no exceptions**.

Our security controls, data handling practices, and operational procedures are independently verified against the AICPA Trust Services Criteria. We also conduct annual independent penetration testing and maintain a formal Information Security Policy that is reviewed and approved annually.

The full SOC 2 Type II report is available to current and prospective customers under NDA. Contact <privacy@rockhopper.co> to request a copy.

## What's in this section

| Page                                                                       | What it covers                                                                            |
| -------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------- |
| [System Architecture](/security-and-compliance/architecture.md)            | Platform components, cloud infrastructure, and integration approach                       |
| [Data Governance](/security-and-compliance/data-governance.md)             | What data we store, how long we keep it, and how to request export or deletion            |
| [Encryption](/security-and-compliance/encryption.md)                       | How data is protected in transit and at rest                                              |
| [Network Security](/security-and-compliance/network-security.md)           | Network isolation, SSL/TLS, and web application firewall                                  |
| [Access Control](/security-and-compliance/access-control.md)               | Infrastructure access, application-level authorization, and audit logging                 |
| [Monitoring & Backup](/security-and-compliance/monitoring-backup.md)       | Logging, alerting, backup strategy, and disaster recovery                                 |
| [Microsoft Permissions](/security-and-compliance/microsoft-permissions.md) | Exact API permissions requested and why                                                   |
| [Trust & Verification](/security-and-compliance/trust-and-verification.md) | SOC 2 attestation, penetration testing, vulnerability management, and security governance |

## Contact

| Purpose                        | Email                   |
| ------------------------------ | ----------------------- |
| Security and privacy inquiries | <privacy@rockhopper.co> |
| General support                | <support@rockhopper.co> |

