Trust center

The secure way to code


Compliance

CodeRabbit has completed external compliance verification against specific standards and can provide evidence and details of the controls implemented to meet them.

SOC 2 Type II

Annual independent security audits verify that our controls meet the AICPA Trust Services Criteria for security.


GDPR

Comprehensive data privacy measures designed to keep us compliant with EU data protection regulations.

Security


Zero-data retention

CodeRabbit communicates with LLM providers to generate code reviews. We send code diffs, along with contextual data about the code, to improve review quality and provide better suggestions. The data is encrypted in transit using transport layer security (TLS). Proprietary code is never used to train or improve the models in any way. Queries to the LLMs are ephemeral: no prompts or responses are stored or logged by the LLM providers.


Complete data isolation

Each new review starts in its own isolated environment. Once the review is finished and the review comments have been posted, CodeRabbit disposes of that environment, and no trace of the code remains on CodeRabbit's servers. This flow ensures that no part of the codebase is available outside the scope and duration of the code review.


Audits and Certifications

CodeRabbit has completed a SOC 2 Type II audit, with a new report issued annually. The report describes CodeRabbit's security controls and examines how those controls meet the AICPA Trust Services Criteria. It provides an independent assessment of how well CodeRabbit manages data with respect to security, availability, and confidentiality.

How does CodeRabbit help in secure development?


LLM-Powered Code Reviews

CodeRabbit uses LLMs to identify vulnerable coding patterns in real time during code reviews, suggesting secure alternatives before the code is merged.


Comprehensive Security Scanning

Our platform offers security tools for code scanning, secret scanning, and vulnerability detection, helping to identify issues such as hardcoded keys, leaked credentials, and SQL injection to safeguard your codebase.


Pre-PR Security Verification

CodeRabbit checks for insecure coding patterns before posting review comments to a PR, helping you stay compliant and protecting your code from threats.

Our privacy policy

CodeRabbit is transparent about all privacy-related policies and agreements. Our privacy policy details how we handle personal data, our usage practices, and your rights concerning your data. Additionally, our list of subprocessors names every third party involved in delivering our service that may process some data, including the reason for their involvement, their location, and the service they provide.

Does CodeRabbit collect and process data?

CodeRabbit collects and processes data on supported git platforms in order to deliver the service. Usage data and metrics are also collected when a review is posted. The following broad categories of data are collected and processed by CodeRabbit at various stages:

Metadata

This includes information about the subscribing organization, added repositories, and users.

Code

CodeRabbit clones the repository in memory to perform the code review and to run static analysis and security analysis tools. This data is discarded from memory immediately after the code review is done.

Metrics

CodeRabbit collects metrics about the reviews and learnings generated, the types of review comments generated (actionable, suppressed, refactor, verification, etc.), and the files reviewed.

Learnings

If you opt in, CodeRabbit stores learnings from code reviews. These can be generated automatically or by explicitly asking CodeRabbit in chat to remember something for the next time it reviews your code.

Issues

If you opt in, CodeRabbit stores issues from connected knowledge bases such as GitHub Issues, Jira, or Linear. This is used to summarize linked issues and to suggest possibly related issues in a PR.

Does CodeRabbit comply with GDPR and other data protection laws?

Yes. Staying compliant with the General Data Protection Regulation (GDPR) is crucial for any business handling personal data. At CodeRabbit, we prioritize data privacy and have implemented comprehensive measures to ensure compliance with GDPR.

Does CodeRabbit delete the collected data after the CodeRabbit account is deleted?

Yes. CodeRabbit completely removes all related data after the CodeRabbit account is deleted from the web application.

Still have questions?

Contact us