How RepoSignal handles your code, your data, and your credentials — stated plainly, without marketing language.
Security architecture
RepoSignal is built on standard, auditable security primitives — not proprietary systems that require you to trust our marketing.
Credential encryption
All credentials — GitHub tokens, LLM API keys, Stripe keys — are encrypted at rest using Fernet (AES-128-CBC with PKCS7 padding and HMAC-SHA256 authentication). The encryption key is stored separately from the database. We never log credential values.
Session management
Sessions use cryptographically signed cookies (itsdangerous, SHA-256 HMAC). Sessions expire after 24 hours of inactivity. All session events — login, logout, impersonation — are recorded to the immutable audit log.
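As an added illustration (not RepoSignal's code and not the itsdangerous library itself), the stdlib-only Python below shows the mechanism described above: a session payload signed with HMAC-SHA256, verified with a constant-time comparison, and rejected once the 24-hour inactivity window has passed. The secret, session contents and function names are constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Sessions expire after 24 hours of inactivity, as stated on the page.
SESSION_MAX_AGE = 24 * 60 * 60

def _b64(raw: bytes) -> str:
    # URL-safe base64 without padding, so the cookie never contains "." or "="
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_session(secret: bytes, session: dict, now: Optional[float] = None) -> str:
    """Serialize the session and append an HMAC-SHA256 over payload and timestamp."""
    issued = int(time.time() if now is None else now)
    payload = _b64(json.dumps(session, sort_keys=True, separators=(",", ":")).encode())
    signed_part = f"{payload}.{issued}"
    mac = hmac.new(secret, signed_part.encode(), hashlib.sha256).digest()
    return f"{signed_part}.{_b64(mac)}"

def load_session(secret: bytes, cookie: str, now: Optional[float] = None,
                 max_age: int = SESSION_MAX_AGE) -> Optional[dict]:
    """Return the session, or None if the cookie is malformed, tampered with, or expired."""
    try:
        payload, issued_text, mac_text = cookie.rsplit(".", 2)
        issued = int(issued_text)
        presented_mac = _unb64(mac_text)  # binascii.Error is a ValueError subclass
    except ValueError:
        return None
    expected_mac = hmac.new(secret, f"{payload}.{issued_text}".encode(), hashlib.sha256).digest()
    # Constant-time comparison: the check must not leak how many bytes matched.
    if not hmac.compare_digest(expected_mac, presented_mac):
        return None
    # Age is checked only after the signature verifies; until then the timestamp is untrusted input.
    current = time.time() if now is None else now
    if current - issued > max_age:
        return None
    return json.loads(_unb64(payload))

def refresh_session(secret: bytes, cookie: str, now: Optional[float] = None) -> Optional[str]:
    """Re-issue a valid cookie with a fresh timestamp (done per request, so the limit is inactivity-based)."""
    session = load_session(secret, cookie, now=now)
    return None if session is None else sign_session(secret, session, now=now)
```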
API key security
Your RepoSignal API key is shown once — at creation. After that, only a masked version is displayed. You can regenerate your key at any time; the previous key is invalidated immediately.
Isolation
Repository data is scoped to the connecting user and org. Calibration artifacts, scan reports, and PR analyses are never shared across organizations. Admin access is logged and requires a separate internal API key.
Data handling
We are direct about what we store, for how long, and what we do with it.
What we access
RepoSignal accesses your GitHub repository — specifically commit history (author, timestamp, commit message, files changed) and pull request metadata — to train calibration models. We clone your repository at calibration time. We do not continuously mirror your code.
What we store
We store: calibration model artifacts (statistical models, not raw code), PR analysis results (risk scores and narratives), security scanner findings, and your account/org configuration. We do not store raw source code beyond the calibration window.
Retention defaults
Audit log
365 days, configurable for enterprise accounts. Cannot be deleted by users — the log is append-only by design.
PR analyses
90 days. Calibration artifacts are retained for as long as the repository is connected.
Account data
Retained while your account is active. Deleted within 30 days of account closure upon request.
AI usage policy
RepoSignal uses AI for two purposes: generating plain-English narratives from risk scores, and the optional AI assistant. Both are opt-in and require your own API key.
Bring Your Own Key (BYOK)
RepoSignal does not proxy AI requests through our own API keys. You connect your own Anthropic, OpenAI, or Gemini key. Your key is encrypted at rest. Your AI usage costs go to your provider account directly. We never absorb AI costs.
No training on your data
AI prompts sent via your key are subject to your provider's terms — not ours. RepoSignal does not use your data to train or fine-tune any models. Your repository content is not sent to AI providers unless you explicitly use the AI assistant.
AI is optional
The core risk prediction system (calibration, walk-forward validation, PR scoring) does not use external AI providers. AI is used only for narrative generation and the optional assistant feature. Risk predictions are always available without an AI key.
Support access
When RepoSignal support staff access your account for troubleshooting, we log it.
Impersonation is audited
Any access to your account by RepoSignal staff is performed through an audited impersonation system that requires a separate internal API key. Impersonation sessions are limited to a maximum of 1 hour, and the start of the session, every action taken during it, and its end are recorded to your audit log.
You can see every access
Your audit log — accessible from the Audit Logs page — shows every action including support staff sessions. Filter by "impersonation" to see support access history. You can export this as CSV at any time.
Compliance
RepoSignal's governance features are designed to support compliance workflows, not to replace independent compliance assessments.
Audit trail
Immutable, append-only audit log for all governance decisions, policy changes, finding acknowledgements, and access events. Exportable as CSV.
Role-based access control
Six roles with documented permission matrices. Role changes are audit logged. Over-permissioning is not required for standard workflows.
Evidence documentation
Every calibration produces a validation report showing model methodology, data sources, known limitations, and confidence estimates. Available for audit purposes.
Security disclosure
If you discover a security issue in RepoSignal, please report it directly. We respond to all security reports within 48 hours and disclose findings after coordinated remediation.