Security

Security Without
the Sales Process

SOC 2 compliant, read-only access, and the same protections big companies get — without the enterprise sales process.

Compliance

SOC 2

SOC 2 Type II

Independently audited every year. Not just a checkbox—we take this seriously.

View Trust Center →

SSO

Coming Soon

SAML 2.0 and OIDC support so your team logs in through your existing identity provider.

Minimal Permissions

We only ask for read access to what we need. We never write to your repos.

Read-Only Access

We never write to your repos. We read commits, PRs, and issues—that's it.

Scoped Permissions

Only the repositories you explicitly authorize. No organization-wide access required.

Easy Revocation

Pull the plug any time through your provider's settings. Takes effect immediately.

Audit Logging

Full audit trail of everything we access. You can see exactly what we read and when.

Infrastructure Security

Encrypted at Rest

All data encrypted using AES-256 encryption at rest.

Encrypted in Transit

TLS 1.3 for all data in transit. No exceptions.

Cloud Infrastructure

Runs on SOC 2 compliant cloud providers with 99.9% uptime.

Regular Backups

Automated backups with point-in-time recovery. Your data is safe.

DDoS Protection

Edge-level DDoS mitigation keeps things running when others go down.

Penetration Testing

Regular third-party penetration testing and vulnerability assessments.

Questions About Security?

Happy to walk through our setup and share docs. Just ask.

Talk to Us →

Security Withoutthe Sales Process