Propel Security Practices
Safeguarding your AI code reviews with enterprise-grade security, comprehensive data protection, and industry-leading compliance standards.
Last updated: July 12, 2025
Enterprise-Grade Security
We understand that your code is your most valuable asset. Our security practices are designed to protect your intellectual property while enabling powerful AI-driven insights.
SOC 2 Compliant
We maintain SOC 2 Type II compliance with rigorous security controls and regular audits.
End-to-End Encryption
All data is encrypted in transit and at rest using industry-standard AES-256 encryption.
Zero Data Retention
We process your code for analysis but never store or retain it beyond the active session.
Hosting and Architecture
Our infrastructure is built with security and scalability in mind, offering multiple deployment options to meet your organization's needs.
Cloud-Based Services
Our primary deployment runs on AWS with multi-region redundancy and auto-scaling capabilities. We utilize AWS's enterprise-grade security features including VPC isolation, IAM controls, and CloudTrail logging.
- Hosted on AWS with 99.9% uptime SLA
- Multi-region deployment for redundancy
- Auto-scaling based on demand
- 24/7 monitoring and alerting
On-Premises Deployment
For organizations with strict data residency requirements, we offer self-hosted deployment options that keep all data within your infrastructure.
- Complete data control and residency
- Air-gapped deployment options
- Custom security configurations
- Dedicated support and maintenance
AI Model Security
Our AI models are deployed in secure, isolated environments with strict access controls and monitoring. We use a combination of proprietary and fine-tuned models optimized for code analysis.
- Isolated model execution environments
- No training on customer data
- Regular model security assessments
- Encrypted model storage and transfer
Data Handling and Privacy
We process your code to provide intelligent insights while maintaining the highest standards of privacy and data protection.
Code Processing
Your source code is processed in secure, isolated environments exclusively for the purpose of providing code review insights. We implement several key principles:
- Temporary Processing: Code is analyzed in memory and never permanently stored
- Session-Based: Data is purged immediately after analysis completion
- Encrypted Transit: All code transmission uses TLS 1.3 encryption
- No Model Training: Your code is never used to train or improve our AI models
Metadata and Analytics
We collect minimal metadata to provide service functionality and improve user experience:
- Usage Statistics: Anonymized metrics for service optimization
- Performance Data: Analysis timing and success rates
- Error Logs: De-identified error information for debugging
- User Preferences: Settings and configuration data
Data Rights and Control
You maintain full control over your data with comprehensive rights and options:
- Data Portability: Export your data at any time
- Right to Deletion: Request complete data removal
- Access Controls: Granular permissions for team members
- Audit Logs: Complete visibility into data access and processing
Security Controls and Monitoring
Our comprehensive security program includes multiple layers of protection, monitoring, and incident response capabilities.
Access Controls
- • Multi-factor authentication (MFA) required
- • Role-based access control (RBAC)
- • Single Sign-On (SSO) integration
- • Regular access reviews and audits
- • Principle of least privilege
Infrastructure Security
- • Network segmentation and firewalls
- • Intrusion detection and prevention
- • Regular security assessments
- • Automated vulnerability scanning
- • Incident response procedures
Monitoring and Logging
- • 24/7 security monitoring
- • Comprehensive audit logging
- • Real-time threat detection
- • Automated alerting systems
- • Security information and event management (SIEM)
Incident Response
- • Dedicated security response team
- • Documented incident response procedures
- • Regular incident response drills
- • Customer notification protocols
- • Post-incident analysis and improvement
Compliance and Certifications
We maintain industry-leading compliance standards and certifications to ensure your data is protected according to the highest security standards.
SOC 2 Type II
Independently audited and certified for security, availability, processing integrity, confidentiality, and privacy.
GDPR Compliant
Full compliance with the General Data Protection Regulation for EU data protection and privacy rights.
ISO 27001
Information security management system certified to international standards for systematic security management.
CCPA Compliant
California Consumer Privacy Act compliance ensuring transparency and control over personal information.
Security Questions?
Our security team is here to answer any questions about our practices, compliance, or how we protect your data.