Ketchup
Security First

Security

Your code is your most valuable asset. Here's how we keep it safe.

Security Features

Built-in protections to keep your repositories and data secure

Read-Only Access

We only request read-only permissions to your repositories. We never modify your code, create commits, or change repository settings.

Encrypted Data

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.

No Code Storage

We never store your actual source code. Only commit metadata (messages, timestamps, authors) is processed and stored.

OAuth Authentication

Secure GitHub OAuth integration. You can revoke access at any time from your GitHub settings.

AI & Data Privacy

How we handle your code when generating narratives

Data Minimization

Enterprise customers can enable "Metadata Only" mode. We replace all code diffs with placeholders, sending only file names and commit messages to LLMs.

BusinessEnterprise

Bring Your Own Key

Use your own OpenRouter, Azure OpenAI, or Bedrock keys. Your data, your retention policies, your billing.

BusinessEnterprise

Audit Logging

Complete transparency. View logs of every LLM transaction, including prompts sent (redacted) and provider responses.

Enterprise

Our Security Practices

Industry-standard security measures we implement to protect your data

Infrastructure Security

  • Hosted on secure, SOC 2 compliant infrastructure (Supabase)
  • Regular security audits and penetration testing
  • Automated vulnerability scanning of dependencies
  • DDoS protection and rate limiting
  • Multi-factor authentication for team accounts

Data Protection

  • Data isolation between customer accounts
  • Regular automated backups
  • Secure data deletion upon account termination
  • GDPR and CCPA compliance
  • No third-party data sharing without consent

Access Controls

  • Role-based access control (RBAC) for teams
  • Audit logs for all account activities
  • Session management and automatic timeout
  • IP allowlisting available for Enterprise plans
  • Granular repository permissions

Responsible Disclosure

Found a Security Issue?

We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly:

  • Email us at security@getketchup.com
  • Provide detailed information about the vulnerability
  • Allow us reasonable time to address the issue before public disclosure
  • Do not exploit the vulnerability or access user data

Bug Bounty: We offer rewards for valid security vulnerabilities based on severity. Contact us for details.

Compliance & Certifications

Standards

  • SOC 2 Type II (via Supabase)
  • GDPR Compliant
  • CCPA Compliant
  • ISO 27001 (infrastructure)

Questions About Security?

Our security team is here to help. Contact us with any questions or concerns.

Contact Security TeamGeneral Support