How we handle your code and data.
VibeOps is the engineering intelligence layer for your repos. The trust posture below describes exactly what we do with what you give us: least privilege, encryption everywhere, isolated execution, and a full audit trail. Built to the controls a security review expects.
Read-only GitHub access by default
We request the minimum scopes needed to mine PR history and post review comments. No write access to your code, no force pushes, no branch deletes. The exact permission list is on each install screen before you approve.
Encrypted at rest and in transit
All persisted state uses AES-256 at rest on AWS. Every connection between client, backend, and GitHub uses TLS 1.3. Secrets (API keys, installation tokens, OAuth) live in a dedicated secrets manager and are never logged.
Ephemeral analysis containers
Review runs and sandboxed tests execute in isolated Modal containers that are destroyed after the run. No cross-customer state. No persistent disk. Source code is fetched per-review and dropped at completion.
Every customer edit captured in an audit trail
When you toggle, edit, or delete a policy, the before/after snapshot is written to organization_best_practice_rules_edits with your user id and timestamp. Exportable on request. The same approach covers admin reviews and rule changes.
Enterprise-grade security by design
We engineer to the same controls a security review expects: least privilege everywhere, encryption at rest and in transit, full audit logging, isolated per-customer execution, and a responsible-disclosure program. Bring-Your-Own-Cloud and BYO-LLM-key options keep regulated workloads inside your own boundary. Send us your vendor-security questionnaire and we will turn it around fast.
How your code reaches the models
Reviews run through a mixture of agents on our own harness. The diff, the file excerpts cited in the review, and the repo's mined conventions are the only inputs sent to the models, always over TLS. We route across providers we hold enterprise agreements with, plus our own trained models, so the path stays sealed end to end.
- All PR review and code pull/push happens inside an ephemeral sandbox that is destroyed when the run ends. Nothing persists between runs.
- Zero retention by default. Prompts and completions are not retained beyond the request lifecycle.
- Your code is never used to train models, ours or any provider's. This is contractually enforced across every model in the harness.
- We do not send PRs from repos you have not explicitly onboarded. The GitHub App install screen lists every repo before you approve.
- Enterprise customers can run entirely on their own model endpoints or fully on-prem, so code never leaves their boundary.
Subprocessors
The full list of vendors that touch customer data. We will notify designated DPA contacts at least 30 days before adding or replacing one. Pure infrastructure (DNS, CDN, our own observability) is not on this list because it does not process customer code or review data.
Last reviewed 2026-06-02. To subscribe to subprocessor-change notifications for your DPA, email hi@vibeops.tech.
More detail
The security FAQ covers GitHub scopes, sandbox isolation, secret handling, source-code retention, audit logs, the responsible-disclosure program, and Bring-Your-Own-Cloud for Enterprise.