Security

Your code. Your secrets. Protected.

We take security seriously. Your repositories, credentials, and project data are protected by multiple layers of encryption, isolation, and access control.

Where your data lives

AWS Infrastructure

Databases hosted on Amazon Web Services with enterprise-grade physical security, redundancy, and compliance certifications.

Encryption at Rest

Sensitive credentials encrypted using Fernet symmetric encryption (AES-128-CBC with HMAC-SHA256). Keys stored separately from data.

Encrypted Connections

All database connections use SSL/TLS encryption. No unencrypted data in transit between services.

How we protect your data

Row-Level Security

PostgreSQL RLS policies enforce data isolation at the database level. Your data is invisible to other users—even if there were an application bug.

JWT Authentication

ES256 (ECDSA) signature verification against JWKS. Every request is authenticated and tokens are validated cryptographically.

Rate Limiting

Sliding-window rate limits protect sensitive endpoints from abuse, brute-force attacks, and automated scraping.

Multi-Tier Access Control

Organization roles (owner, admin, member, viewer) combined with product-level permissions. Granular control over who sees what.

CORS Protection

Cross-origin requests restricted to explicitly authorized domains. Prevents unauthorized access from unknown sources.

Secure Shareable Links

Quick Access tokens generated with 256-bit cryptographic entropy. Practically impossible to guess or brute-force.

Common questions

What data do you store from my repositories?

We store repository metadata, commit history summaries, and generated documentation. We analyze source code in-memory during documentation generation but do not persistently store your raw source files.

Are my GitHub tokens safe?

Yes. GitHub tokens are encrypted at rest using Fernet encryption (AES-128-CBC with HMAC-SHA256). Encryption keys are stored separately from application data and are never exposed to the frontend.

Can other users see my data?

No. Row-Level Security (RLS) policies in PostgreSQL ensure complete data isolation at the database level. Even if there were an application-level vulnerability, the database itself would prevent unauthorized access.

How do I report a security vulnerability?

Please email security@trajancloud.com with details of the vulnerability. We take all reports seriously and aim to respond within 48 hours. We appreciate responsible disclosure.

Questions about security?

We're happy to discuss our security practices in more detail.