Rumble Platform Security

Report a Security Issue

If you have identified a security issue in the Rumble platform or related infrastructure, please get in touch by email via To encrypt the contents of your message, please use PGP Key ID AE96EC3E8E1F27C6.

TLS Encryption

The Rumble agent encrypts all communications with the Rumble infrastructure using TLS. You can find the SSL Labs report cards for critical services below:

Binary Verification

Rumble uses an Extended Validation Authenticode certificate to sign all Windows executables. All Rumble executables also contain an embedded ED25519 signature, which can be verified with the Rumble Verifier.

Multi-factor Authentication

Rumble supports multi-factor authentication (MFA) for the Rumble Console through FIDO2-compatible (WebAuthn) security tokens, such as the Yubico YubiKey and the Google Titan key. This support extends to Windows Hello and mobile platform mechanisms such as fingerprint and face unlock.

Single Sign On

Rumble supports Single Sign On (SSO) via SAML/2.0 and has been tested with Okta, Auth0, GSuite, Office365, and Shibboleth. SSO is available to all customers at no additional cost.

Data Location & Encryption

Rumble uses AWS (us-east-2) for all infrastructure. All storage is encrypted at rest using AWS-managed keys. User credentials are hashed using bcrypt and encrypted using AES-256 in GCM mode with an encryption key stored separately from the database.

Application Security

Rumble has been developed with security best practices in mind. For additional details about the platform architecture and to see the executive summary of our last penetration test, please contact us by email at