Privacy & security
Hundreds of top companies trust Graphite with access to their GitHub repos. We’re regularly pen-tested and SOC2 compliant.
Built with security in mind
We keep your reviews safe and your code safer.
We follow industry standard practices around employee training and background checks, MDMs, on-call, etc.
Because we use GitHub authentication, when you remove a user from your GitHub we’ll immediately sync that as well.
We are SOC2 Type II compliant. Reach out to email@example.com for a copy of the audit reports.
In transit, at rest, and in our DB. Using industry standard HTTPS 1.2 and AES-256. GitHub API tokens are encrypted with additional keys protected via hardware-protected secrets.
Both continuously by a suite of tools and annually by independent third-parties. Contact us to request a report.
Hosted on AWS and built for scale, our system is resilient to downtime.
Everything we do to keep your code secure can’t fit on a page. Email our team.
- Acceptable use policy
- Access control and termination policy
- Business continuity and disaster recovery plan
- Change management policy
- Code of conduct
- Configuration and asset management policy
- Data classification policy
- Data protection, retention, and disposal policy
- Encryption and key management policy
- Information security policy
- Internal control policy
- Network security policy
- Physical security policy
- Performance review policy
- Risk assessment and treatment policy
- Security incident response plan
- System audit policy
- Vendor management policy
- Vulnerability and patch management policy
Last Modified: July 2023
In order to provide you with the Services, we may ask you to provide us with certain details or information about you. Information that you submit through the Services includes:
Contact information: Name and email address. We collect basic contact details to communicate with you, provide you with the Services, respond to your queries, personalize the Services for you, improve and enhance our Services, market to you, and conduct research and analytics.
Professional information: Company name, division, job title, and other professional information. We collect such information to explore business opportunities and provide the Services to you and existing or prospective businesses.
Information about your use of the Services: Interaction and feedback regarding the Services, including features, search queries within the Services, and certain interactions you make via the Services, such as loads and batches run. We collect this interaction and feedback to provide you with the Services, improve and enhance our Services, conduct research and analytics, and for security purposes.
Any other information you choose to provide: This includes product reviews, code review, and any information you provide to us, for example, when communicating with us.
Our Services may require you to enter certain information about yourself. You may elect not to provide this information, but doing so may prevent you from using or accessing the Services.
We may obtain information about you from the following third party sources:
Service providers and other similar entities: They collect information, such as your contact information, profile picture, and your affiliated company information, as applicable, on our behalf to provide our Services.
Your employer: Your contact information in order to provide you with access to the Services, market to you and your organization, and for security purposes.
Social networking platforms: Your contact information and information you post on social networking platforms (e.g., LinkedIn) when you have a publicly-available profile containing information about yourself. We use this information to network with you, advertise to you, and seek business opportunities. In addition, if you interact with us on social media, we will collect information about those interactions.
Other third parties: You may elect to have certain third parties share information with us, for example, when you choose to access the Services through another service, such as through Single Sign-on (e.g., GitHub, GitLab, BitBucket) or link any social media platforms to your account.
We collect the following kinds of Usage Data:
Unique device identifier;
Device type, such as your phone, computer, or tablet;
Date and time stamps, such as the date and time you first accessed the Services;
Number of visits;
Language of device;
Other information regarding your interaction with the Services.
We use the Usage Data we collect automatically to:
Improve and provide the Services;
Run analytics; and
Better understand user interaction with the Services.
In addition to the foregoing, we may use all of the above information to:
Create anonymized and aggregated data sets that we may use for a variety of functions, including research, internal analysis, analytics, and other functions;
Comply with any applicable legal obligations;
Detect, investigate, and prevent activities that may violate our policies or be illegal;
Protect or defend the Services, our rights, the rights of our users, or others.
You may request to access, transfer or delete any personal information we hold about you by contacting us at the email set forth below.
The Services are provided from and in the United States. When you access the Services, information about you will be subject to U.S. data privacy laws.