# Security

Source: https://www.fortrabbit.com/platform/security
Created: 2026-06-14
Reviewed: 2026-06-14

> fortrabbit is a managed platform: we run the infrastructure and the stack, the developer owns the code on top. Each side owns its layer in full — nothing is secured twice, and nothing falls through the gap.


fortrabbit is a managed platform: we run the infrastructure and the stack, the developer owns the code on top. Each side owns its layer in full — nothing is secured twice, and nothing falls through the gap.

## Our responsibilities

- Run the stack below the app: OS, network, databases, PHP runtime, TLS, backups.
- Isolate each app in hardened containers behind a default-deny firewall.
- Monitor continuously, with on-call DevOps for anything out of range.
- Patch the fleet, following upstream security advisories.
- Maintain internal security policies, reviewed regularly.
- Train staff against social engineering and phishing.
- Restrict production access: least-privilege, encrypted, rate-limited.

## Our client's responsibilities

- Keep the framework and CMS on supported, patched versions.
- Update dependencies regularly — the most common way a site gets hacked.
- Store as little sensitive data as possible; encrypt what matters.
- Manage access to the app, environments and team with care.
- We never auto-update the application stack — by [design](/platform/no-x#no-automatic-updates).

For where data lives and how compliance works, see [trust and GDPR](/trust).

---

- [Security measures](/legal/standards/security-measures)
- [Operations](/us/operations)
- [Infrastructure](/platform/infrastructure)
- [Trust](/trust)