Security at GitScribe

We take security seriously. This page outlines our security practices and how to report vulnerabilities.

Security Overview

🔐 Local Processing

When you use a local model, your code never leaves your machine. When you use a hosted model, the diff is sent over TLS for generation only and is not stored (see Data Protection below).

🛡️ Encrypted Communication

All API communications use TLS 1.3 encryption. Your data is protected in transit.

🔑 Secure Authentication

JWT tokens with 24-hour expiration. API keys are stored only as SHA-256 hashes, never in the clear.

⚡ Minimal Data Collection

We only collect what's necessary. No source code storage, no commit history tracking.

Infrastructure Security

  • Cloud Infrastructure: Hosted on cloud platforms that hold SOC 2 attestations (the provider's attestation; GitScribe's own compliance scope is listed under Compliance & Certifications below)
  • Database Security: Encrypted at rest, automated backups, access logging
  • API Security: Rate limiting, DDoS protection, request validation
  • Payment Security: Card payments are handled by Stripe, which keeps PCI DSS scope with Stripe; GitScribe never stores card numbers

Application Security

Authentication & Authorization

  • Secure password hashing with Argon2
  • JWT tokens with 24-hour expiration
  • API keys stored only as SHA-256 hashes (a plain hash is appropriate for long random keys, not for user-chosen secrets, which use Argon2 as above)
  • Role-based access control for teams
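
The two mechanisms above, hashed API keys and short-lived JWTs, as an added example written for this page rather than GitScribe's own code: the key is stored only as a SHA-256 hash and verified in constant time, and the token carries an exp claim 24 hours after issue that the verifier enforces (with a small skew allowance) while rejecting any algorithm other than HS256. The "gs_" key prefix, the claim names, the 30-second leeway and the token layout are assumptions made for the illustration; Argon2 password hashing is left out because it needs a third-party library such as argon2-cffi.

```python
"""Added example for this page (not GitScribe's own code): hashed API-key
storage with constant-time verification, plus a minimal HS256 JWT whose
`exp` claim enforces the 24-hour lifetime described above.
Assumptions: the "gs_" key prefix, the claim names, the 30-second leeway
and the token format are all choices made for this illustration."""
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

TOKEN_LIFETIME = 24 * 60 * 60  # seconds; the page states a 24-hour expiry
LEEWAY = 30                    # tolerated clock skew when checking `exp`


def generate_api_key() -> str:
    """Mint a random API key with 32 bytes of entropy (prefix is an assumption)."""
    return "gs_" + secrets.token_urlsafe(32)


def hash_api_key(key: str) -> str:
    """SHA-256 is adequate only because the key is long and random, so brute
    force is infeasible; user-chosen passwords need Argon2 instead."""
    return hashlib.sha256(key.encode()).hexdigest()


def verify_api_key(presented: str, stored_hash: str) -> bool:
    """Compare in constant time so response timing cannot leak the hash."""
    return hmac.compare_digest(hash_api_key(presented), stored_hash)


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(secret: bytes, subject: str, now: Optional[int] = None) -> str:
    """Return an HS256 JWT that expires TOKEN_LIFETIME seconds after `now`."""
    now = int(time.time()) if now is None else now
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(
        {"sub": subject, "iat": now, "exp": now + TOKEN_LIFETIME}).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_token(secret: bytes, token: str, now: Optional[int] = None) -> Optional[dict]:
    """Return the claims if the signature checks out and the token is not
    expired, else None. Anything but HS256 is rejected, which closes the
    classic `alg: none` and key-confusion bypasses."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        claims = json.loads(_b64url_decode(payload_b64))
    except ValueError:  # malformed base64, JSON, or wrong segment count
        return None
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, int) or now > exp + LEEWAY:
        return None
    return claims


if __name__ == "__main__":
    key = generate_api_key()
    stored = hash_api_key(key)  # only this hash would be written to the database
    print("api key verifies:", verify_api_key(key, stored))
    secret = secrets.token_bytes(32)
    issued = 1_700_000_000
    tok = issue_token(secret, "user-123", now=issued)
    print("one hour later:", verify_token(secret, tok, now=issued + 3600) is not None)
    print("25 hours later:", verify_token(secret, tok, now=issued + 25 * 3600))
```

The signature is checked before the claims are parsed, so an attacker-controlled payload is never trusted for the expiry decision, and the signing secret must be a random value of at least 32 bytes; a short or guessable HMAC secret makes the 24-hour lifetime irrelevant.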

Data Protection

  • No storage of source code or diffs
  • Commit messages deleted after generation
  • Usage data anonymized for analytics
  • GDPR-compliant data handling

Code Security

  • Regular dependency updates
  • Static code analysis
  • Security-focused code reviews
  • Automated vulnerability scanning

Reporting Security Vulnerabilities

🚨 Found a Security Issue?

Please report security vulnerabilities responsibly. We appreciate your help in keeping GitScribe secure.

Email: security@gitscri.be

PGP Key: Available at gitscri.be/security.asc. Please encrypt reports that contain exploit details or proof-of-concept code.

What to Include

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Any proof-of-concept code

Our Commitment

  • Acknowledge receipt within 24 hours
  • Provide regular updates on our progress
  • Credit researchers (unless anonymity requested)
  • Not pursue legal action for good-faith reports

Security Updates

Stay Informed

Security updates are announced via our changelog and GitHub releases.

Automatic Updates

The CLI tool checks for security updates and prompts you before installing them.

Compliance & Certifications

Current Compliance

  • GDPR (General Data Protection Regulation)
  • CCPA (California Consumer Privacy Act)
  • PCI DSS (via Stripe)

Security Practices

  • Regular penetration testing
  • Security awareness training
  • Incident response procedures

Security Questions?

For non-urgent security questions, or to learn more about our practices, contact:

security@gitscri.be