See Roadmunk In Action

Start a free 14-day trial and build your roadmap in a matter of minutes.

No credit card required. Cancel anytime.

So you‘re looking into Roadmunk but wondering if you‘re even allowed to use it and if it‘s safe. Don‘t worry. Keeping our customers' data secure is the most important thing that Roadmunk does and is fundamental to the nature of our business. This living document will share the details of what we do to keep things safe, and some of the work that we’re doing to continually improve the security of your data.

We use world class data centers

Roadmunk’s physical infrastructure is hosted and managed within Amazon’s secure data centers and leverages Amazon Web Services (AWS) and Amazon Elastic Compute Cloud (EC2) technology. The data is physically stored on servers in the United States and all backups are completed every 15 minutes to ensure and kept for a period of 30 days.

Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:

  • ISO 27001
  • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
  • PCI Level 1
  • FISMA Moderate
  • Sarbanes-Oxley (SOX)

Your password is stored securely

All user passwords are hashed using the SHA256 algorithm with salt. Hashing passwords is actually more secure than encrypting them, because that means we don’t have access to the original passwords, nor does anyone else. So even if our database is compromised, everyone’s passwords will stay secure.

We do not store payment details

Roadmunk is not in the business of storing or processing payments. All payments go through our partner, Stripe, which is a leading global payments system that is PCI compliant. Details about their security can be found here.

Secure transmission

All communication between Roadmunk servers and the client browser is secured using the industry standard Transport Layer Security (TLS). The connection is encrypted using AES-256 CBC with SHA256 for message authentication and ECDHE RSA as the key exchange mechanism.

You are probably also interested in checking out our Terms of Use and Privacy Policy too. We strive to make those as human and readable as possible (while still keeping our lawyers happy). If you have any questions, please contact us at