ngrok.com
35.92.55.128
Public Scan
Submitted URL: https://d2v8tf04.na1.hubspotlinks.com/Ctc/5F+113/d2v8tf04/VWjc-g8w44dCW3FNMzh24xs8vW7Kkhd55fJ-rZN4WpFgP3qn9gW7Y8-PT6lZ3lZW7f9-KM4nc8m4...
Effective URL: https://ngrok.com/security?utm_campaign=may_2024_newsletter&utm_medium=newsletter&_hsenc=p2ANqtz-_CiuyyRX0adYeu8Jx...
Submission: On July 31 via api from BE — Scanned from CA
Form analysis
0 forms found in the DOM
Text Content
SECURITY, PRIVACY, AND COMPLIANCE

Working with ngrok means working with a vetted, secure solution & seasoned team who understands security

TRUSTED BY OVER 5 MILLION DEVELOPERS AND RECOMMENDED BY CATEGORY LEADERS

SECURITY AT NGROK

The ngrok service is designed, built, maintained, monitored, and regularly updated with security in mind. We use the shared security responsibility model, a framework adopted by many cloud providers — including Amazon AWS, Microsoft, and Salesforce — to identify the distinct security responsibilities of the customer and the cloud provider. In this model:

- ngrok is responsible for the security of the ngrok service. ngrok is also responsible for providing features you can subscribe to in order to secure your services.
- Our customers are responsible for securing how they use the ngrok service. This includes, for example, granting the correct permissions to users and administrators, disabling accounts and auth tokens when employees are terminated, properly configuring features required to protect your data, and keeping ngrok agents updated in our systems.

HOW NGROK SECURES ITS SOFTWARE DEVELOPMENT PROCESS

The ngrok software development lifecycle is designed with precautions to reduce security risks during code development while delivering software functionality. ngrok adopts rigorous processes and automation to ensure consistency across the development.

Access control

- We use an identity provider, which enforces minimum password requirements and multi-factor authentication.
- We require our vendor applications to have two-factor authentication or use SSO with our identity provider.
- Our internal applications are part of a zero-trust setup via OAuth and OIDC.
- We gate access to our codebase using GitHub.
- Developer credentials are rotated based on a set schedule in an automated fashion.

Change management

- We follow industry standard best practices when it comes to updating and deploying our code.
- We leverage automated tools to scan our code for a variety of issues, including syntax errors, code style, code quality, CVEs in our container builds, outdated dependencies, and more.
- Before code is merged to our master branch, we run automated tests against the build for this code change.
- All code merged to our master branch must also be reviewed by a human being through a pull request.
- We have an automated process for deploying our code changes to production.
- We leverage Terraform, an infrastructure as code tool, to track changes to our infrastructure.

Device management

- We require developer machines to have full hard disk encryption.
- Developers are required to use Chrome as their browser.

Miscellaneous

- All vendor products we use go through a security review and are tracked internally with documentation.
- We have internal security policies that employees are trained to follow. These include: remote access, information logging, acceptable encryption, acceptable use, and web application security policies.

HOW NGROK SECURES ITS SERVICE

ngrok implements runtime controls at the service level to ensure the confidentiality, integrity, and availability of its service.

PHILOSOPHY

Our general philosophy for keeping our production environments secure has two main components: defense in depth and principle of least privilege.

ACCESS CONTROL

- We practice 'least privilege' access grants. Engineers get the minimum level of production access they need.
- Shell access to production machines uses industry best practices of SSH certificate authorities to grant time-limited access in extraneous circumstances.
- We keep audit logs of all grants to access production machines.
- Services that manipulate cloud resources are granted least privilege access grants via an associated 'Role' they assume to perform those operations.

DATA ENCRYPTION

- All data is encrypted at rest. This includes databases, host filesystems, network-mounted file systems, and data sent to data warehousing services.
- All secrets and keys uploaded by users are further encrypted at the application layer with keys that only we control.
- All internal secrets used by ngrok are stored encrypted at rest with key rotation using industry secret key storage provided by HashiCorp Vault.
- For API keys, credential tokens, and passwords, we only keep one-way salted hashes of users' credential tokens.

RESOURCES

- RECOMMENDATIONS FOR USING NGROK SECURELY: This guide will walk you through recommendations for ensuring you are using ngrok securely.
- BEST SECURITY PRACTICES ON DEVELOPER PRODUCTIVITY: Learn the best practices to secure developer teams using ngrok while leveraging your company security stack.
- NGROK TRUST PORTAL: Learn more about ngrok's security controls. Access our compliance certifications and attestations.
- NGROK SERVICE STATUS: Review ngrok's real-time and historical data on system performance.

PRIVACY

As a company, we take customer data privacy seriously, ensuring that:

- All new vendors, assets and activities pertaining to processing personal data are subject to a review of privacy, security, and compliance.
- Personal data is properly collected, stored, and documented.
- Relevant processes are followed for transfers of personal data outside the European Union / UK.

For more information, read our privacy policy.

DATA SOVEREIGNTY

Our customers can use ngrok through our public service or our private offering for complete control of their data and processes. For more information about our private offering, contact our sales team.

COMPLIANCE

ngrok is SOC 2 Type 2 compliant. The SOC 2 Type 2 attestation certifies that ngrok's security processes and operations are in place and that we follow these processes and operations on a daily basis, meeting AICPA's trust services criteria for security. ngrok provides access to the SOC 2 reports as well as all third party security upon request at the ngrok security and trust portal.
© 2024 ngrok, Inc.