Compliance

Railway is designed to be used by companies of all sizes. We understand that companies have different needs when it comes to compliance and security, and we are happy to work with you to ensure that Railway meets yours. We have worked with teams in government, healthcare, and finance to ensure that Railway meets their needs.

Companies choose Railway so that they can speed up their development velocity while also maintaining their security and compliance posture.

We are happy to sign NDAs with your company to provide additional information about our security and compliance practices. Please reach out to us at team@railway.app to get started, or click here to book some time to chat.

Certifications

We know that your business needs to develop strong and lasting relationships with its vendors, and to build confidence that we can be trusted to deliver your workloads. Part of that is through certifications, audits, and continual refinement of our practices. Railway aims to comply with all the distributions of workloads and privacy procedures.

SOC 2

Railway is SOC 2 Type I certified.

Highly motivated customers (Pro tier and higher) who are in the process of securing SOC 2 certification can request a copy of the Railway security audit.

To make this request, please book a session with a Railway team member here.

SOC 2 Type II certification is expected before the end of 2024.

HIPAA BAA

Railway follows a shared responsibility model for HIPAA compliance. Railway will make its best effort to advise your company on setting up encryption for your data, auditing the storage of keys, establishing access control, and ensuring secure storage of sensitive patient data. When a BAA is in effect, the Railway team will no longer be able to directly access your running workloads. BAAs are only available on our Enterprise offerings.

If your company needs a BAA, you can contact our solutions team at team@railway.app, or click here to schedule some time to chat.

We are working on operationalized BAAs and continually gathering requirements for health-focused workloads for Enterprises. You can share your feedback in Help Station.

Privacy

Railway is committed to protecting the privacy of our users. We understand that when working with user code and data, it is important to have a clear understanding of how we handle your data. Railway, on behalf of our users, may remove offending workloads, but at no point will a Railway team member modify your application without your express permission through an approved communication channel.

Click here to see our Privacy Policy.

VAT / Address

Customers who require VAT tax collection can add their company VAT Tax ID and company address via the Pro plan billing portal for their respective workspace.

