Security

We read private code — so we treat it that way

Reading your repository is a privilege. RepoDocs.dev is built with encryption, secret masking, least-privilege access, and strict guardrails on what the AI can ever reveal.

Encrypted credentials

GitHub access and refresh tokens are encrypted at rest. We request the minimum OAuth scopes needed to read your code.

Secret scanning & masking

API keys, tokens, and .env values are detected and masked before any code is indexed, shown, or logged.

No leaks in AI answers

The assistant is constrained from surfacing secrets or private code, and cites sources so you can verify every claim.

Least-privilege access

Role-based permissions (owner, admin, editor, viewer) scope what each teammate can see and change.

You control your data

Delete a project or your account and we purge the cached repository data and embeddings tied to it.

Audit logs & rate limiting

Sensitive actions are recorded, and abuse detection plus rate limiting protect your workspace.

Responsible disclosure

Found a vulnerability? We appreciate your help keeping RepoDocs.dev and our users safe. Email us with details and steps to reproduce, and we'll acknowledge your report within two business days.

security@repodocs.dev