Neon raises $30M in Series A-1Read More

Security

At Neon, security is our highest priority. We are committed to implementing best practices and earning the trust of our users.

Security reporting

Neon is currently in Technical Preview, and vulnerabilities may be present. We have established a security reporting procedure to address security issues quickly. We recommend using Neon only with public or non-sensitive data at this time.

💡 Reporting issues: If you have a security concern or believe you have found a vulnerability in any part of our infrastructure, please contact us at security@neon.tech. If you need to share sensitive information, we can provide you with a security contact number through Signal.

Our commitment to solving security issues

  • We will respond to your report within three business days with an evaluation and expected resolution date.
  • We will handle your report with strict confidentiality and not share any personal details with third parties without your permission.
  • We will keep you informed of the progress towards resolving the problem.
  • Once the report has been resolved, we will credit the finding to you in our public security.txt document, unless you prefer to stay anonymous.
  • If we need to access proprietary information or personal data stored in Neon to investigate or respond to a security report, we shall act in good faith and in compliance with applicable confidentiality, personal data protection, and other obligations.

We strive to resolve all problems quickly and publicize any discoveries after their resolution.

Neon does not have a bug bounty program and does not pay financial bonuses or bounties for reporting bugs or vulnerability issues.

How to disclose vulnerabilities

Neon pays close attention to the proper security of its information and communication systems. Despite these efforts, it is not possible to entirely exclude the existence of security vulnerabilities.

If you identify a security vulnerability, please proceed as follows under the principle of responsible disclosure:

  • Report the security vulnerability to Neon by contacting us at security@neon.tech. Provide as much information about the security vulnerability as possible.
  • Do not exploit the security vulnerability; for example, by using it to breach data, change the data of third parties, or deliberately disrupt the availability of the service.
  • All activities relating to the discovery of the security vulnerability should be performed within the framework of the law.
  • Do not inform any third parties about the security vulnerability. All communication regarding the security vulnerability will be coordinated by Neon and our partners.
  • If the above conditions are respected, Neon will not take any legal steps against the party that reported the security vulnerability.
  • In the event of a non-anonymous report, Neon will inform the party that submitted the report of the steps it intends to take and the progress toward closing the security vulnerability.

Secure data centers

Neon’s infrastructure is hosted and managed within Amazon’s secure data centers in the USA and backed by AWS Cloud Security. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. For information about AWS data center compliance programs, refer to AWS Compliance Programs.

Neon's security roadmap for 2022

Neon is undergoing internal reviews to achieve SOC2 Type 2 certification.

We will share more information about Neon's security plans on Github soon.