All data in transit is encrypted with TLS 1.3. Sensitive credentials are encrypted at rest with AES-256-GCM. API keys are stored as irreversible SHA-256 hashes.
We process commit metadata and diffs to generate episode scripts. Your source code is never stored on our servers. Self-hosting keeps everything on your infrastructure.
Hosted on hardened infrastructure with automated security patching, network isolation, and regular backups. All access is audited and logged.
Found a vulnerability? We take security seriously. Please report issues responsibly and we'll work with you to resolve them quickly.
Report security issues to [email protected]