CodeRaptor
SOC 2 Type II Certified

Your code is safe with us

Enterprise-grade security built into every layer. We take data protection seriously so you can review code with confidence.

Certifications & Compliance

We meet the highest industry standards for security and compliance

SOC 2 Type II

Independently audited security controls

GDPR Compliant

European data protection standards

ISO 27001

Information security management

HIPAA Ready

Healthcare compliance available

How we protect your code

Multiple layers of security to keep your intellectual property safe

End-to-End Encryption

All code is encrypted in transit using TLS 1.3 and at rest using AES-256. Your code is never stored unencrypted.

Zero Knowledge Architecture

We never train AI models on your code. Your code is analyzed in isolated environments and immediately deleted.

Self-Hosted Options

Enterprise customers can deploy CodeRaptor on their own infrastructure for complete data control.

OAuth & SSO

Secure authentication via GitHub, GitLab, or your own identity provider. Support for SAML and OIDC.

Minimal Data Retention

We only store metadata needed for reviews. Code snippets are retained for 30 days, then permanently deleted.

Secure Infrastructure

Hosted on AWS with SOC 2 certified infrastructure. Regular penetration testing and security audits.

Access Controls

Role-based access control (RBAC) with granular permissions. Audit logs for all actions.

Vulnerability Scanning

Continuous monitoring for vulnerabilities in our own codebase. Automated dependency updates.

Incident Response

24/7 security monitoring with automated incident response. Sub-1-hour response time for critical issues.

How we handle your data

What we collect

  • Git diffs and code changes (for review purposes only)
  • Repository metadata (names, branches, commit SHAs)
  • User information (email, name, GitHub profile)
  • Review results and violation reports

What we DON'T collect

  • Full repository contents or entire codebases
  • Sensitive environment variables or secrets
  • Personal identifying information from code
  • Unrelated files or directories

How long we keep data

  • Code snippets: Deleted after 30 days
  • Review metadata: Retained for 1 year
  • Audit logs: Retained for 2 years (compliance)
  • User accounts: Deleted within 30 days of cancellation

Who has access

  • Only authorized team members (engineers on-call)
  • Access is logged and audited
  • No third-party AI providers see your code
  • Self-hosted deployments: Only your team

Responsible Disclosure

Found a security vulnerability? We appreciate responsible disclosure.

If you discover a security issue, please report it to security@coderaptor.ai.

Our commitment:

  • Response within 24 hours
  • No legal action against good-faith researchers
  • Public acknowledgment (if desired)
  • Bug bounty program for critical findings

Please do not disclose the vulnerability publicly until we've had a chance to address it. We aim to fix critical issues within 7 days.

Questions about security?

Our security team is happy to answer any questions or provide additional documentation
