Privacy and security

Graphite is a simple code review platform designed to help engineers write and review small pull requests, stay unblocked, and ship faster.

To achieve our mission to build state-of-the-art developer tools, Graphite values security above all else. We are SOC 2 Type II compliant, passing a rigorous auditing procedure established by the American Institute of Certified Public Accountants (AICPA). SOC 2 Type II assesses non-financial reporting controls across five areas: security, availability, processing integrity, confidentiality, and privacy. We also continuously pen test. Learn more about our security practices.

Permissions requested by Graphite

Authenticating a new tool with your GitHub account can be intimidating, so we aim to be transparent about how we integrate with GitHub and make sure your source code is secure.

Read org and team membership, read org projects

• Look up and display profile information about your orgs and teams

• Look up and display information (i.e., usernames) of other users in your orgs

• Look up and display repos in your orgs

Read all user profile data; Access user email addresses (read-only)

• Display your name

• Display your GitHub username

• Display your GitHub profile picture

• Send you transactional emails about Graphite

Repositories (read and write)

• Look up and display pull requests in your repositories

• Create/update pull requests in your repositories

• Add comments to pull requests (both the automated stack comment and your review comments)

• Review PRs

• Merge/land PRs

Signing into Graphite with a GitHub App

If you prefer to limit Graphite's access to select repositories, you can sign in using our GitHub App when you first create your Graphite account.

The Graphite GitHub App asks for the following permissions:

• Read: actions, checks, code, commit statuses, metadata

  • Used to display PRs and their relevant statuses and metadata on Graphite

• Read & write: pull requests

  • Used to create and display PRs on Graphite

• Read: user emails

  • Used to send transactional emails about Graphite

CLI

When you call gt stack submit, the Graphite CLI pushes the branches in your stack to the remote repo in GitHub directly from the client. Metadata about which branches were pushed to GitHub are sent to Graphite servers so we can open those PRs on your behalf.

Web app

When you open the app in your browser, it calls GitHub's API directly from the client to retrieve and display pull requests in repos you have access to according to the filter views you've defined. The only data stored on Graphite servers are basic profile metadata (GitHub ID, username, profile picture) and the auth token generated when you sign in with GitHub, which we use to save your PR filter views and maintain your session.

AI Summarize

Graphite's new AI Summarize feature on the app utilizes OpenAI's GPT-3 API to create summaries of PR changes with the help of artificial intelligence. In order to protect the source code and privacy of our customers and in accordance with OpenAI's Terms of Use, we have specifically opted out of the option to "Use Content to Improve Services"—meaning your source code and PR metadata are not used in training sets.

We've also crafted the feature to be PR-by-PR opt-in; if you don't press the button, your code will not be processed by OpenAI. If you have more questions about this feature, don't hesitate to shoot us a message on Slack or email security@graphite.dev.

Logging

During normal usage of the CLI and the website, Graphite will generate and store logs to help us better debug in the event of an error and better understand the profile of our users. Examples of that data include:

• Metadata about your repo: for example, number of branches or counts of Graphite commands being run. We use this to debug failing commands in the CLI (for example, in the past we found that a repo with a very high number of branches would cause the CLI to hang).

• Metadata about your usage: for example, commands being run, command run time, or any CLI errors. We use this to understand where to further our engineering investment and understand how widespread issues are.

• Metadata about your GitHub account: for example, orgs which you're a member of on GitHub. We use this to track the usage of our product and understand what types of orgs we work best for.

How Graphite keeps you source code safe

We understand how important it is to keep your source code safe. That's why we built Graphite with security and privacy best practices from day 1, using encryption in motion and at rest for access tokens and not persisting any of your source code on our servers.

Encryption

Graphite stores GitHub access tokens returned from App authentication logins. These tokens are revokable by both Graphite and the user’s GitHub settings.

We store these tokens in a Postgres database, encrypted in motion and at rest. We also manually encrypt the access tokens using aes-256-cbc and decrypt when we read them into server memory. To encrypt/decrypt, we use a secret stored in AWS secret manager.

We additionally encrypt data in our database with a key stored in a different service. So even if the database was compromised, access would not be gained to the Github API tokens.

Learn more

We're more than happy to provide you with copies of our security-related company policies to give you a better sense of how we approach security at Graphite.

Please email security@graphite.dev to request copies, or feel free to share your team's security questionnaire if you have a standard format.