Trust Center

How we handle your code and data.

VibeOps is the engineering intelligence layer for your repos. The trust posture below describes exactly what we do with what you give us. We do not overpromise — anything we have not earned yet (SOC 2, on-prem) is called out explicitly.

Read-only GitHub access by default

We request the minimum scopes needed to mine PR history and post review comments. No write access to your code, no force pushes, no branch deletes. The exact permission list is on each install screen before you approve.

Encrypted at rest and in transit

All persisted state uses AES-256 at rest in Supabase. Every connection between client, backend, and GitHub uses TLS 1.3. Secrets (API keys, installation tokens, OAuth) live in AWS Secrets Manager and are never logged.

Ephemeral analysis containers

Review runs and sandboxed tests execute in isolated Modal containers that are destroyed after the run. No cross-customer state. No persistent disk. Source code is fetched per-review and dropped at completion.

Every customer edit captured in an audit trail

When you toggle, edit, or delete a policy, the before/after snapshot is written to organization_best_practice_rules_edits with your user id and timestamp. Exportable on request. The same approach covers admin reviews and rule changes.
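The before/after audit pattern described above, as an added illustration rather than VibeOps's own code: an append-only table keyed by user id and timestamp, with database triggers that refuse updates and deletes so that even a caller holding write access cannot rewrite history, plus the export and replay functions a customer would want. The table name is the one the page cites; the column layout, the sqlite backend and all sample ids and rule contents are constructed assumptions.

```python
import json
import sqlite3
from datetime import datetime, timezone

# Table name is the one the page cites; columns and backend are assumptions.
TABLE = "organization_best_practice_rules_edits"


def open_audit_db(path=":memory:"):
    """Create the audit table plus triggers that make it append-only."""
    db = sqlite3.connect(path)
    db.execute(f"""
        CREATE TABLE IF NOT EXISTS {TABLE} (
            id          INTEGER PRIMARY KEY AUTOINCREMENT,
            org_id      TEXT NOT NULL,
            rule_id     TEXT NOT NULL,
            action      TEXT NOT NULL CHECK (action IN ('toggle', 'edit', 'delete')),
            before_json TEXT,            -- NULL when the rule did not exist before
            after_json  TEXT,            -- NULL after a delete
            user_id     TEXT NOT NULL,
            ts          TEXT NOT NULL    -- ISO-8601 UTC
        )""")
    # Defence in depth: history is immutable at the schema level, not just by convention.
    for verb in ("UPDATE", "DELETE"):
        db.execute(f"""
            CREATE TRIGGER IF NOT EXISTS {TABLE}_no_{verb.lower()}
            BEFORE {verb} ON {TABLE}
            BEGIN SELECT RAISE(ABORT, 'audit rows are immutable'); END""")
    db.commit()
    return db


def _snapshot(rule):
    # Canonical JSON so two equal rules always serialise identically.
    return None if rule is None else json.dumps(rule, sort_keys=True, separators=(",", ":"))


def record_edit(db, org_id, rule_id, action, before, after, user_id, ts=None):
    """Append one before/after row and return its id."""
    ts = ts or datetime.now(timezone.utc).isoformat(timespec="seconds")
    cur = db.execute(
        f"INSERT INTO {TABLE} (org_id, rule_id, action, before_json, after_json, user_id, ts)"
        " VALUES (?, ?, ?, ?, ?, ?, ?)",
        (org_id, rule_id, action, _snapshot(before), _snapshot(after), user_id, ts),
    )
    db.commit()
    return cur.lastrowid


def export_trail(db, org_id):
    """The exportable trail: every edit for an org, oldest first."""
    rows = db.execute(
        f"SELECT rule_id, action, before_json, after_json, user_id, ts FROM {TABLE}"
        " WHERE org_id = ? ORDER BY id", (org_id,)).fetchall()
    return [
        {"rule_id": r, "action": a,
         "before": json.loads(b) if b else None,
         "after": json.loads(af) if af else None,
         "user_id": u, "ts": t}
        for r, a, b, af, u, t in rows
    ]


def current_rule(db, org_id, rule_id):
    """Replay the trail: the latest 'after' snapshot is the rule's present state."""
    row = db.execute(
        f"SELECT after_json FROM {TABLE} WHERE org_id = ? AND rule_id = ?"
        " ORDER BY id DESC LIMIT 1", (org_id, rule_id)).fetchone()
    return None if row is None or row[0] is None else json.loads(row[0])


def trail_is_immutable(db):
    """Check that the triggers actually block tampering with existing rows."""
    try:
        db.execute(f"DELETE FROM {TABLE}")
        return False
    except sqlite3.DatabaseError:
        db.rollback()
        return True


def demo():
    """Constructed walk-through: create a rule, tighten it, then toggle it off."""
    db = open_audit_db()
    org, rule, user = "org_demo", "rule_require_tests", "user_42"  # constructed ids
    v1 = {"enabled": True, "severity": "warn", "text": "PRs touching src/ need tests"}
    v2 = dict(v1, severity="error")
    record_edit(db, org, rule, "edit", None, v1, user, "2026-06-01T09:00:00+00:00")
    record_edit(db, org, rule, "edit", v1, v2, user, "2026-06-01T09:05:00+00:00")
    record_edit(db, org, rule, "toggle", v2, dict(v2, enabled=False), user,
                "2026-06-01T09:10:00+00:00")
    return db, export_trail(db, org)


if __name__ == "__main__":
    db, trail = demo()
    print(json.dumps(trail, indent=2))
    print("immutable:", trail_is_immutable(db))
```

The replay function is the property worth checking in any audit design: if the present state of a rule cannot be rebuilt from the trail alone, the trail is incomplete, and a reviewer comparing "what the customer saw" with "what the engine applied" has nothing to anchor on.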

No SOC 2 certification yet — here's where we are

We have not completed a SOC 2 audit. We implement Trust Service Criteria as internal guidelines (least privilege, encryption, audit logging, vulnerability disclosure) and we will publish progress as we run the formal audit. Until then, we will not claim a certification we do not hold.

How your code is sent to the LLM

Reviews are produced by Anthropic's Claude (Sonnet 4.6 by default; Haiku 4.5 on cost-bound passes). The diff, the file excerpts cited in the review, and the repo's mined conventions are sent to Anthropic over TLS as prompt input.

  • Anthropic API runs under zero-retention defaults. Prompts and completions are not retained beyond the request lifecycle.
  • Prompts and completions are not used to train Anthropic models (per Anthropic Commercial Terms §C.1).
  • We do not send PRs from repos you have not explicitly onboarded. The GitHub App install screen lists every repo before you approve.
  • Enterprise customers on the BYO-LLM-key tier can route reviews through their own Anthropic Bedrock or Vertex endpoint instead — code never touches our Anthropic key.

Subprocessors

The full list of vendors that touch customer data. We will notify designated DPA contacts at least 30 days before adding or replacing one. Pure infrastructure (DNS, CDN, our own observability) is not on this list because it does not process customer code or review data.

Purpose | Data processed | Region
Review reasoning (Sonnet 4.6 for triage, Haiku 4.5 for cost-bound passes) | Diff text, file excerpts cited in review, repo conventions | US
Ephemeral sandboxes that clone, scan, and reason about the diff | Source code at the PR's parent commit, destroyed at run end | US (AWS)
Primary database — reviews, comments, conventions, audit log | Review records, comment bodies, policy rules, user metadata | US-East
Authentication and session management | Email, name, OAuth identity (GitHub/Google), session tokens | US
Compute (App Runner), object storage, Secrets Manager | Encrypted secrets, build logs, deploy artifacts | us-west-2
Source of PR webhooks, repo metadata, review comment delivery | Read-only access to repos you select; write-comment on PRs | US
Subscription billing and credit-pack checkout | Email, company name, payment method (handled in Stripe iframe) | US

Last reviewed 2026-06-02. To subscribe to subprocessor-change notifications for your DPA, email hi@vibeops.tech.

More detail

The security FAQ covers GitHub scopes, sandbox isolation, secret handling, source-code retention, audit logs, the responsible-disclosure program, and Bring-Your-Own-Cloud for Enterprise.