Trust center

Thousands of DevOps teams trust Octopus to automate their deployments and operational tasks.

The security and privacy of our customers' personal, company, and intellectual property data, are top priorities at Octopus. We're dedicated to maintaining and continuously improving our security and compliance programs.

Enterprise compliant

We undergo regular third-party audits and technical assessments of our data security to ensure privacy and safety. Our security credentials include:

We also provide a CSA Consensus Assessment Initiative Questionnaire (CAIQ) lite, which is a convenient, standards-based, mechanism for aligning different compliance frameworks with our own.

We comply with applicable legal and regulatory requirements in relation to handling personal data such as GDPR and CCPA. See our Privacy Policy and our GDPR disclosures for more information, or refer to our Data Processing Agreement.

Email our compliance team for more information about our commitment to the above standards.

Proactive platform security

We perform ongoing security testing, including:

  • Vulnerability scanning
  • Penetration testing
  • External testing via our Bugcrowd bug bounty program

Every year Octopus undergoes a security review conducted by a third-party company. Download our annual security assessment to find out more.

We also tell you about problems as soon as we know about them, with real-time status updates.

See our trust report for a comprehensive, real-time look at our security controls, policies, and compliance reports.

Security operations

Our Security Operations, Product, Engineering, IT Operations & Compliance teams, build security into all our processes.

Our secure, industry-standard development practices help prevent security threats.

SOCII logo

ISO 27001 logo

GDPR logo

Our compliance roadmap

Octopus Deploy Compliance Roadmap
Product Security

Secure by design

Data encryption

We already encrypt data we believe is sensitive, but you can encrypt any variables you want to protect.

Secure comms

Octopus communicates with deployment targets using transport encryption and tamper-proofing techniques.

Simpler auditing

Create a culture of team trust and accountability. Every action is traceable in Octopus's extensive audit logs.

Access control

Set controls for different teams in your organization with single sign-on (SSO) and role-based access control (RBAC).

Audit log streaming in Octopus Deploy

Security admin controls

Verify team members and control who can do what in Octopus.

The tools include:

  • Identity and access control
  • HTTP security controls
  • Single sign-on (SSO)
  • IT service management (ITSM) integrations for enterprise customers

Learn more about product security

Integrations

Authentication providers

Alongside built-in account management and Octopus ID, we support major authentication providers out-of-box.

  • Username and password
  • Active Directory authentication
  • Azure Active Directory authentication
  • GoogleApps authentication
  • LDAP authentication
  • Okta authentication
  • Guest login

Learn more about authentication providers

EULAs & legal

Legal documents and policies

Customer agreement

Our customer agreement, signed by over 20,000 companies, governs the use of Octopus Deploy. Please note that we have separate product terms regarding Octopus Server, Octopus Cloud, priority support terms, and TAM services terms.

We don't negotiate on our customer agreement. It allows us to standardize and keep our costs down.

Privacy policy

We strongly believe in privacy. Octopus complies with the European Union's General Data Protection Regulation (GDPR).

Read our privacy policy to understand what data we collect and how we use it.

Octopus Cloud acceptable use policy

We want you to have the best possible experience with Octopus Cloud, but without affecting--or getting affected by--others.

Our acceptable use policy outlines how you should use Octopus Cloud and how you shouldn't.

Other legal documents

  • Our vendor profile has most of the information you need
  • We provide a W8-BEN-E form as an Australian company (rather than a W9)
  • D-U-N-S® number: 747191893
  • Employer Identification Number (EIN): 98-1163259
  • Australian Business Number (ABN): 69 160 339 186
  • North American Industry Classification System (NAICS) number: 511210 (Software Publishers)
  • Export Control Classification Number (ECCN): EAR99 (no CCATS number)
  • We're a resident of Australia for income tax purposes. See our 2023 certificate and 2024 certificate.
  • Airwallex Bank account verification letter.

For more information

Email us for more information about our security credentials and the security features of our product.