We read private code — so we treat it that way
Reading your repository is a privilege. RepoDocs.dev is built with encryption, secret masking, least-privilege access, and strict guardrails on what the AI can ever reveal.
Encrypted credentials
GitHub access and refresh tokens are encrypted at rest. We request the minimum OAuth scopes needed to read your code.
Secret scanning & masking
API keys, tokens, and .env values are detected and masked before any code is indexed, shown, or logged.
No leaks in AI answers
The assistant is constrained from surfacing secrets or private code, and cites sources so you can verify every claim.
Least-privilege access
Role-based permissions (owner, admin, editor, viewer) scope what each teammate can see and change.
You control your data
Delete a project or your account and we purge the cached repository data and embeddings tied to it.
Audit logs & rate limiting
Sensitive actions are recorded, and abuse detection plus rate limiting protect your workspace.
Responsible disclosure
Found a vulnerability? We appreciate your help keeping RepoDocs.dev and our users safe. Email us with details and steps to reproduce, and we'll acknowledge within two business days.
security@repodocs.dev