Security

Security Controls Without the Ceremony

We are keeping the security work: read-only access, scoped permissions, encryption, audit logs, and review gates. Our posture is based on the controls we operate, not just a badge.

Security Posture

Controls

Security Work Continues

We keep operating with practical controls: least-privilege access, encryption, audit trails, access review, and human approval before publishing.

SSO

Coming Soon

SAML 2.0 and OIDC support so your team logs in through your existing identity provider.

Minimal Permissions

We only ask for read access to what we need. We never write to your repos.

Read-Only Access

We never write to your repos. We read commits, PRs, and issues—that's it.

Scoped Permissions

Only the repositories you explicitly authorize. No organization-wide access required.

Easy Revocation

Pull the plug any time through your provider's settings. Takes effect immediately.

Audit Logging

Full audit trail of everything we access. You can see exactly what we read and when.

Infrastructure Security

Encrypted at Rest

All data is encrypted at rest using AES-256.

Encrypted in Transit

TLS 1.3 for all data in transit. No exceptions.

Cloud Infrastructure

Runs on established cloud infrastructure with availability monitoring and operational safeguards.

Regular Backups

Automated backups with point-in-time recovery. Your data is safe.

DDoS Protection

Edge-level DDoS mitigation keeps things running when others go down.

Penetration Testing

Regular third-party penetration testing and vulnerability assessments.

Questions About Security?

Happy to walk through our setup and share docs. Just ask.

Talk to Us