CodeSee takes security seriously. You can develop with confidence knowing that CodeSee is SOC 2 Type II certified, follows industry best practices, and has robust controls and processes in place to secure your data. And though we analyze your code, we do so within your environment, and we do not store your code.
Feel free to read more about the exact permissions that we use here.
CodeSee is built with security firmly in mind. We don't store your code on our servers and we are also SOC 2 Type II certified, giving you peace of mind that your code is protected.
Need to pass security review to install CodeSee?
Get our SOC 2 report instantly or request our data flow diagram:
All code is developed to be secure, performant, and maintainable. We use modern tools and frameworks to limit exposure to OWASP Top 10 security risks. We limit access to production servers, and conduct manual code review and automated testing.
We use CloudFlare’s enterprise-grade Web Application Firewall to protect against attacks. We invest in automated monitoring and anomaly detection, and keep audit logs of events to help identify, investigate, and recover from unauthorized activity.
Customer data is encrypted at rest and in transit using 256-bit or higher encryption. Auth tokens are further encrypted before being stored. Encryption keys are managed by AWS. User credentials are salted and hashed.
A third-party provider performs annual penetration tests to discover any vulnerabilities in our application. Contact us for our latest test report.
Log in to CodeSee with Single Sign-On (SSO) capabilities.
All of our data is stored securely with cloud service provider AWS. Those data centers are SOC2 and ISO 27001 certified.
Through AWS, we run daily backups of our database. We are able to restore our production database to any backup within the last 7 days.
All employees who have access to customer data are required to undergo background checks, in accordance with local laws.
All employees and contractors are required to sign confidentiality agreements prior to their start date.
We conduct company-wide information security awareness training annually and regularly reinforce security protocols through internal communication channels.
We use the principle of least privilege to define data access. Access is reviewed when employees change roles, and is immediately terminated when employees leave the company.
All devices that connect to our platform or to any cloud services storing our data use fully-encrypted hardware and up-to-date firewalls.
Have questions about security? We've done our best to anticipate your questions below. Our friendly sales team is happy to talk to you anytime, just book a time to chat or chat with a real human instantly.
Yes! We are SOC 2 Type II certified. Contact email@example.com to request a copy.
You can visit our privacy page or our docs page. If you have any additional questions, please reach out to firstname.lastname@example.org.
Please reach out to email@example.com, or chat with a real human instantly.