Security & Compliance

Your data security and privacy are our top priorities. Learn how we protect your information and maintain compliance.

Our Commitment to Security

At Deepscope, security is not an afterthought—it’s built into every layer of our platform. We employ industry-leading practices to ensure your engineering data remains confidential, available, and protected against evolving threats.

Our security program is designed around the principles of least privilege, defense in depth, and continuous improvement.

Security Features

Encryption at Rest & in Transit

All data is encrypted using AES-256 at rest and TLS 1.3 in transit. OAuth tokens are stored with separate key management.

Minimal Data Collection

We collect only metadata—no source code by default. You control what data we access through granular OAuth scopes.

SOC-2 Type II Compliance

We are pursuing SOC-2 Type II certification and undergo regular third-party security audits and penetration testing.

Access Controls & Monitoring

Role-based access controls, multi-factor authentication, and real-time security monitoring protect your data 24/7.

Data Protection & Privacy

Metadata-Only Approach

By default, Deepscope collects only metadata from your integrations—PR titles, timestamps, commit hashes, and activity patterns. We never store your source code, message content, or proprietary business logic unless you explicitly enable code analysis features with written consent.

Data Retention

  • Raw metadata: Automatically deleted after 90 days
  • Derived insights: Retained for 365 days for trend analysis
  • Account data: Deleted within 30 days of account termination

You can request immediate deletion at any time by contacting hello@deepscope.app.

Access Controls

Deepscope employees have zero standing access to customer data. All access requires explicit approval, is time-limited, logged, and reviewed. Customer support access is granted only with your explicit permission.

Infrastructure & Operations

Cloud Infrastructure

Deepscope is hosted on industry-leading cloud providers with:

  • 99.9% uptime SLA
  • Multi-region redundancy and automatic failover
  • DDoS protection and web application firewall (WAF)
  • Regular security patches and updates

Network Security

  • Private networks with isolated subnets
  • Firewall rules limiting access to essential services only
  • Intrusion detection and prevention systems (IDS/IPS)
  • VPN and IP whitelisting for enterprise customers

Compliance & Certifications

Current & In Progress

  • GDPR Compliant: EU data protection standards with DPA available
  • CCPA Compliant: California consumer privacy protections
  • SOC-2 Type II: Audit in progress (expected Q2 2025)

Data Processing Agreement (DPA)

Enterprise customers can execute a Data Processing Agreement compliant with GDPR Article 28. Contact hello@deepscope.app to request one.

Operational Security Practices

  • Regular security audits and penetration testing by certified third parties
  • Automated vulnerability scanning and dependency monitoring
  • Incident response plan with 24-hour notification commitment
  • Employee security training and background checks
  • Secure software development lifecycle (SSDLC) practices
  • Regular backup and disaster recovery testing

Incident Response & Vulnerability Disclosure

Security Incident Response

In the unlikely event of a security incident, we commit to:

  • Notify affected customers within 24 hours of a confirmed breach
  • Provide transparent post-mortem reports
  • Coordinate with regulatory authorities as required by law

Found a Vulnerability?

We welcome responsible disclosure of security vulnerabilities. Please report them to hello@deepscope.app with details. We will respond within 48 hours and work with you to address the issue.

Questions About Security?

Our security team is available to answer any questions about our practices and compliance, or to discuss enterprise security requirements.
