Security

Zero source code retention. Zero exceptions.

Your code is processed in memory and discarded immediately. The only thing we keep is the context we generate, fully isolated to your tenant.

Source never storedEncrypted end-to-endTenant isolated

Data Flow

What happens to your code

Three steps in. Two outcomes out. One of them is your source code being deleted.

01

Your Repository

GitHub, GitLab, or Bitbucket. Minimum permissions only.

02

Clone to Sandbox

Cloned over TLS into an isolated, per-tenant sandbox.

03

Process in Memory

AI analyzes your code in memory. Nothing written to disk.

splits into
Retained

Knowledge Graph + Context

Your generated context lives on RepoWise servers, encrypted and tenant-isolated. Every AI tool reads it live.

Deleted

Source Code Discarded

Wiped from memory after processing. Zero retention, always.

Core Posture

Two principles, enforced by design

Zero source code retention

Your source code can never leak from RepoWise because we never keep it. It is read in memory only, then thrown away. The only thing that stays is the context we generate, fully isolated to your tenant.

Included in EnterpriseAdd-on $79/mo (Pro & Team)

Privacy Channel

Your source code never leaves an isolated network boundary. Privacy Channel adds a dedicated tunnel so even our scanners run inside your security perimeter, on top of the default zero-retention promise.

Compliance

Independent audits, on the way

We are pursuing the certifications enterprise buyers expect. Status is shown honestly, no claims we have not earned.

In progress

SOC 2 Type I

Audit scoping underway. Targeting completion in the next 12 months.

Planned

SOC 2 Type II

Continuous-monitoring controls being deployed alongside Type I.

Planned

ISO 27001

Information security management system controls being rolled out.

Need our latest security questionnaire or roadmap? security@repowise.ai

Controls

Built on secure foundations

Every part of RepoWise is designed around one principle: your source code is yours, never ours.

We never see your credentials

Sign in to the CLI through your browser. Your password and tokens never touch our servers (OAuth 2.0).

Phishing-resistant sign-in

Every account can lock down with passkeys, hardware keys, or one-time codes. Multi-factor by default.

Permissions match your team structure

Four roles, Owner, Admin, Repo Manager, Member, give each person exactly the access they need, no more.

Tamper-proof git events

Every webhook from your git provider is verified before processing. Spoofed events can never trigger work on your repo.

Encrypted everywhere, always

Your data is protected in transit and at rest, with hardened key management (TLS 1.2+, AES-256, on AWS).

Minimum repo permissions

We only ask for content and pull request access. No access to secrets, settings, or admin controls, ever.

Source-code retention

0 bytes

Generated context isolation

Per-tenant

Encryption at rest + in transit

AES-256 / TLS 1.2+

Have security questions?

Reach out to security@repowise.ai and we will respond within one business day.

Your codebase has context your AI has never seen

Architecture decisions made in Slack. Business rules one engineer knows. Conventions the team agreed on but never wrote down. RepoWise captures it and keeps every AI tool in sync.

Zero code retention. Processed in memory. Discarded immediately.