Security
Your code and data are safe with us.
Security isn't an afterthought — it's built into every engagement, tool choice, and process we follow.
How we handle your code
When you grant us repository access for test suite creation or framework development, we follow strict protocols:
- Access is scoped to the minimum required — read-only where possible, write access only to test directories
- All work is done in isolated branches; we never push directly to main
- Repository access is revoked within 48 hours of project completion
- We never share, store, or use your code for training AI models
AI usage & data privacy
Our AI-assisted workflows use commercial LLM APIs (Claude, OpenAI) with strict data handling:
- Code snippets sent to AI are anonymized and stripped of secrets, keys, and PII
- We use API-tier access with zero-data-retention policies — your code is never used for model training
- AI-generated test cases are always reviewed by a human engineer before delivery
- We can work fully offline / air-gapped for clients with strict compliance requirements
Infrastructure & communications
- All client communications are encrypted (TLS 1.3)
- We use 2FA on every tool and service in our stack
- Client deliverables are shared via encrypted channels (not plain email attachments)
- Our team follows SOC 2-aligned operational practices
Compliance
We're prepared to work within GDPR, SOC 2, HIPAA, and other regulatory frameworks. For enterprise clients with specific compliance requirements, we provide custom security documentation and can sign NDAs, DPAs, and BAAs as needed.
Questions about our security practices? Contact us for a detailed security overview.