Platform & Data Security
Kedgr is engineered with a security-first mindset. We are committed to protecting your data and intellectual property through multiple layers of defense, from initial design to daily operations.
[01] Application Security
Our backend enforces strict IDOR (Insecure Direct Object Reference) protection, ensuring users can only access resources within their own company. All file processing services include path traversal guards to prevent unauthorized file system access.
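The two controls named above, tenant-scoped object lookup and a path traversal guard, as an added illustration. This is example code written for this page, not Kedgr's backend; the document store, the company ids and the upload directory are constructed stand-ins.

```python
from pathlib import Path

# Constructed sample data standing in for the application's database.
# Each document belongs to exactly one company (tenant).
DOCUMENTS = {
    101: {"company_id": 1, "name": "backend.zip"},
    102: {"company_id": 2, "name": "mobile.zip"},
}


class Forbidden(Exception):
    """Raised when a request targets a resource outside the caller's tenant or base directory."""


def get_document(doc_id: int, caller_company_id: int) -> dict:
    """Tenant-scoped lookup (IDOR protection).

    The object is resolved by (id, company) together, so an id that belongs
    to another company is indistinguishable from an id that does not exist.
    The company comes from the authenticated session, never from the request body.
    """
    doc = DOCUMENTS.get(doc_id)
    if doc is None or doc["company_id"] != caller_company_id:
        raise Forbidden(f"document {doc_id} is not accessible to company {caller_company_id}")
    return doc


def safe_join(base_dir: str, user_path: str) -> Path:
    """Path traversal guard.

    Resolve the user-supplied path under base_dir and reject anything that ends
    up outside it: '..' segments, absolute paths (which Path joining would
    otherwise honour), and symlinks pointing elsewhere (resolve() follows them).
    """
    base = Path(base_dir).resolve()
    candidate = (base / user_path).resolve()
    if candidate != base and base not in candidate.parents:
        raise Forbidden(f"path {user_path!r} escapes {base_dir}")
    return candidate


if __name__ == "__main__":
    print(get_document(101, 1)["name"])                       # backend.zip
    print(safe_join("/srv/kedgr/uploads", "archives/app.zip"))  # inside the base dir
    for bad in ["../../etc/passwd", "/etc/passwd"]:
        try:
            safe_join("/srv/kedgr/uploads", bad)
        except Forbidden as exc:
            print("rejected:", exc)
```

Checking containment on the *resolved* path is the important detail: a check on the raw string (for example, rejecting `..`) misses encoded separators and symlinks, whereas comparing against `candidate.parents` after `resolve()` judges where the path actually lands.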
[02] Data Security
All data is encrypted in transit using TLS 1.2+. Sensitive assets like source code archives are encrypted at rest in AWS S3 using AES-256. We utilize parameterized queries via our ORM to prevent SQL injection vulnerabilities.
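To make the parameterized-query point concrete, here is an added example (not Kedgr's code) that places a string-spliced query next to its bound-parameter form, using Python's built-in `sqlite3` driver and a constructed in-memory `projects` table. The crafted input is the textbook `' OR '1'='1` fragment; the unsafe version returns every tenant's rows, the parameterized version returns none.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for a multi-tenant projects table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE projects (id INTEGER PRIMARY KEY, company_id INTEGER, name TEXT)"
    )
    conn.executemany(
        "INSERT INTO projects (company_id, name) VALUES (?, ?)",
        [(1, "backend"), (1, "frontend"), (2, "mobile")],
    )
    return conn


def find_projects_unsafe(conn: sqlite3.Connection, company_id: int, name: str) -> list:
    """The anti-pattern: user input spliced into SQL text.

    Kept only to contrast with find_projects(); the tenant filter that is
    supposed to enforce isolation is defeated by the injected OR clause.
    """
    sql = (
        f"SELECT name FROM projects WHERE company_id = {company_id} "
        f"AND name = '{name}' ORDER BY id"
    )
    return [row[0] for row in conn.execute(sql)]


def find_projects(conn: sqlite3.Connection, company_id: int, name: str) -> list:
    """Parameterized form: the driver binds values; input never becomes SQL syntax."""
    sql = "SELECT name FROM projects WHERE company_id = ? AND name = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (company_id, name))]


def demo() -> tuple:
    """Run both variants against the same crafted input and return their results."""
    conn = make_db()
    crafted = "x' OR '1'='1"
    return find_projects_unsafe(conn, 1, crafted), find_projects(conn, 1, crafted)


if __name__ == "__main__":
    unsafe, safe = demo()
    print("string-spliced:", unsafe)   # every row, including company 2's
    print("parameterized: ", safe)     # []
```

Note that the injection here is also a tenant-isolation failure: the `company_id` predicate is neutralised along with the name match, which is why parameterization and the IDOR protection described earlier belong together. An ORM's query builder produces the bound form automatically, provided raw SQL strings are not concatenated around it.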
[03] Authentication & Access
User passwords are not stored directly; we store secure hashes using bcrypt. We offer GitHub OAuth for a more secure, passwordless login experience. GitHub tokens are managed with robust refresh and revocation logic.
[04] Infrastructure & Compliance
Our infrastructure is built on trusted cloud providers. We are actively working towards SOC 2 compliance, maintaining a risk register and enforcing MFA for all internal team members with access to production systems.
Temporary Storage Security Benefits
Attack Surface Reduction
Ephemeral processing eliminates persistent storage of sensitive source code, dramatically reducing the attack surface. No long-term data persistence means no historical vulnerabilities or data breaches from archived codebases.
Private-by-Default Design
Source code never enters our database. Analysis occurs in isolated memory buffers with immediate cleanup. Only encrypted intelligence and findings are preserved, ensuring complete data minimization.
Compliance Advantages
GDPR- and SOC 2-compliant by design. Data minimization principles ensure only necessary intelligence is retained. No risk of unauthorized access to source code through database breaches or insider threats.
Atomic Data Destruction
Source code is permanently deleted immediately after analysis. No temporary files, no backups, no recovery options. Complete data destruction ensures intellectual property protection.
Audit Trail & Compliance Logging
Access Logging
- All ephemeral data access is logged with user ID, timestamp, and provenance hash
- Source code purge events are audited with cryptographic proof
- Intelligence archive queries are tracked for compliance
- Failed access attempts are logged for security monitoring
Compliance Visibility
- SOC 2 audit trails for all ephemeral operations
- GDPR-compliant data access history
- Cryptographic proof of data destruction
- User-controlled data deletion capabilities
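One way to realise the logging described in both lists above (access events carrying a provenance hash, purge events carrying a verifiable proof) is a hash-chained, append-only audit log. The example below is added here to illustrate that design and is not Kedgr's implementation; the event names, record layout and the form of the purge proof are this example's assumptions.

```python
import hashlib
import json
from datetime import datetime, timezone


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class AuditLog:
    """Append-only audit log where every entry commits to the previous one.

    Editing, reordering or deleting any entry changes the hash the next entry
    was computed over, so verify() fails. The chain head can be exported to an
    external, write-once location so the log cannot be silently rewritten.
    """

    GENESIS = "0" * 64

    def __init__(self) -> None:
        self.entries: list = []

    def _append(self, event: str, user_id: str, **fields) -> dict:
        prev = self.entries[-1]["entry_hash"] if self.entries else self.GENESIS
        entry = {
            "event": event,
            "user_id": user_id,
            "timestamp": datetime.now(timezone.utc).isoformat(),
            "prev_hash": prev,
            **fields,
        }
        # Canonical JSON (sorted keys) so the hash is reproducible on verify.
        entry["entry_hash"] = sha256_hex(json.dumps(entry, sort_keys=True).encode())
        self.entries.append(entry)
        return entry

    def record_access(self, user_id: str, source_bytes: bytes) -> dict:
        """Log an access; the provenance hash fingerprints the exact bytes processed."""
        return self._append("access", user_id, provenance_hash=sha256_hex(source_bytes))

    def record_failed_access(self, user_id: str, doc_id: int) -> dict:
        """Log a refused request so monitoring can spot enumeration attempts."""
        return self._append("access_denied", user_id, doc_id=doc_id)

    def record_purge(self, user_id: str, provenance_hash: str) -> dict:
        """Log destruction of an artefact, committing to *which* bytes were purged
        without retaining them: the proof is derived from the provenance hash only."""
        proof = sha256_hex(f"purged:{provenance_hash}".encode())
        return self._append("purge", user_id, provenance_hash=provenance_hash, purge_proof=proof)

    def verify(self) -> bool:
        """Re-walk the chain; False if any entry was altered, removed or reordered."""
        prev = self.GENESIS
        for entry in self.entries:
            if entry["prev_hash"] != prev:
                return False
            body = {k: v for k, v in entry.items() if k != "entry_hash"}
            if sha256_hex(json.dumps(body, sort_keys=True).encode()) != entry["entry_hash"]:
                return False
            prev = entry["entry_hash"]
        return True

    def was_purged(self, provenance_hash: str) -> bool:
        """True only if the chain is intact and records a purge of this artefact."""
        return self.verify() and any(
            e["event"] == "purge" and e["provenance_hash"] == provenance_hash
            for e in self.entries
        )


if __name__ == "__main__":
    log = AuditLog()
    source = b"def main():\n    pass\n"            # constructed sample upload
    access = log.record_access("user-42", source)
    log.record_failed_access("user-77", 101)
    log.record_purge("analysis-worker", access["provenance_hash"])
    print("chain valid:", log.verify())                           # True
    print("purged:", log.was_purged(access["provenance_hash"]))   # True
```

A caveat worth stating: a hash chain proves that the *log* has not been altered and that a purge was recorded for a given artefact; it does not by itself prove the bytes were overwritten on disk. That assurance comes from the deletion mechanism (ephemeral buffers, no backups) that the chain merely attests to, and the record above is only as trustworthy as the process that writes it.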
Our Commitment
Security is not a feature, but a foundational principle at Kedgr. We are continuously monitoring, auditing, and improving our systems to protect against emerging threats. Our "Zero-Knowledge Code Processing" promise means your source code is never stored permanently and is never used for training AI models. For more details on data handling, please see our Data Privacy Shield page.