Security & reliability
Our priority is securing your intellectual property and information. Chromatic doesn’t store or access your source code. SOC 2 Type 2 compliant.
SOC 2 Type 2
Third-party auditors validate that we comply with the highest standards for security, availability, and confidentiality.
Penetration testing
Third-party auditors penetration test Chromatic on an annual basis to hunt for security issues.
SSO/SAML & SCIM provisioning
You have full control of who has access to your projects. Deploy Chromatic to your enterprise with SSO via SAML 2.0 and sync user management. Contact sales
Encrypted in transit & at rest
All connections from you to Chromatic are encrypted. Your data is stored in 256-bit AES encrypted databases at rest.
Privacy-first
By design, Chromatic doesn’t store or access your source code.
Secure vendors
Our third-party vendors are also vetted and secure.
“We are using Storybook in every UI layer in all of our organization. Chromatic keeps us safe and helps us ship quality & performant UI.”
Orr Gottlieb
Engineering manager
Collaborate in a secure workspace for teams
Responsible disclosure
Our team is vigilant about adhering to security best practices. But we’re not so naive to believe that we’re perfect. Security is a priority—we’ll act quickly to address verifiable security issues. You can download and read our full responsible disclosure policy from our security center.
Report security issues
Please report security issues to security@chromatic.com. Include your name, vulnerability description, and steps to reproduce. We’re grateful to these folks for responsibly disclosing security issues which helps us make Chromatic safer for everyone.