Codectopus is built for agencies who must protect client code and reputation. We treat your code as confidential intellectual property and implement enterprise-grade security measures to ensure your data remains protected at all times.
• Repository contents via GitHub API using OAuth authentication
• Code access is strictly limited to generating analysis, reviews, and documentation
• You control exactly which repositories we can access through GitHub's permission system
• We never write, modify, or delete any of your code
We never store your source code. Only metadata and analysis summaries are retained.
• Repository names, file paths, commit hashes, and basic file statistics
• Analysis results including metrics, issue flags, and generated documentation
• Your dashboard settings, notification preferences, and account information
Your code is never used to train any AI models. All processing is temporary and ephemeral.
• Your code is loaded into memory, analyzed, and immediately discarded
• AI models see only the minimum necessary code snippets required for analysis
• All code processing happens in secure, isolated environments that are destroyed after each analysis
• We don't cache or temporarily store code snippets between analysis sessions
• All metadata and analysis results are encrypted at rest using AES-256 encryption
• Secure authentication through GitHub's trusted OAuth flow
• All access tokens are encrypted and stored securely with automatic rotation
• All data in transit is protected with TLS 1.3 encryption
• Infrastructure hosted on enterprise-grade cloud providers with SOC 2 compliance
• Processing environments are isolated from public networks and other customer data
• Source code is deleted from memory immediately after processing
• Analysis results and metadata are retained for the lifetime of your account
• Complete data deletion within 30 days of account termination
• You can request immediate deletion of all your data at any time
• Even our encrypted backups are automatically purged according to retention policies
SOC 2 Type II certification in progress with expected completion Q2 2027
• Full compliance with EU data protection regulations (GDPR)
• California Consumer Privacy Act compliance for US customers (CCPA)
• Information security management system certification planned for 2027 (ISO 27001)
• Enhanced security controls for healthcare industry clients (HIPAA readiness on Enterprise plans)
• We only work with AI providers that offer zero-retention processing and enterprise security
• Built on GitHub's enterprise-grade security infrastructure and OAuth system
• All payment processing handled by PCI-compliant Stripe
• All third-party providers undergo security assessments before integration
• Formal DPAs in place with all service providers handling customer data
• We sign standard or custom Non-Disclosure Agreements within 1 business day
• Detailed logging and reporting for compliance requirements
• Additional security measures tailored to your industry requirements
Our security team is here to address any concerns or questions about our data protection practices.
Built with enterprise-grade security from day one. Your code stays yours, always.