Landing page does not address the elephant in the room: security and trust. I can't imagine mentioning in our security policy/audit that we store secrets with a third party and Doppler doesn't seem to be talking about this aspect, just ease of use. But this isn't a photo sharing app.
Thanks for pointing this out, you're absolutely right. I'm linking to our Security page[0] and our security docs[1] below, but we'll definitely be updating our marketing site to place more of an emphasis on this. I hope the rest of this post and our comments here illustrate that trust and security are things we think a lot about, despite our oversight with the landing page.
Are you planning external compliance certification similar to AWS [1]? In particular the PCI/DSS world requires underlying auditing and compliance of infrastructure components.
Similar to AWS we plan to get extensive external compliance certifications starting with SOC 2. We are currently in our first audit cycle and plan to expand into other compliances there after. Truthfully we are still evaluating which compliances to get next (PCII, ISO, etc) based on customer demand.
We also do frequent pentests to help vet our infrastructure and security posture.
