Your code and data are your most valuable assets. We take their protection seriously with enterprise-grade security measures and transparent practices.
Multiple layers of protection for your data
TLS in transit, AES-256 at rest
OAuth 2.0 with GitHub, GitLab, Bitbucket
Row-level security and RBAC
SOC 2, GDPR, and CCPA ready
All data is encrypted both in transit and at rest using industry-standard protocols.
TLS 1.3 for all connections to our servers
HTTPS enforced for all web traffic
Encrypted webhooks from Git providers
AES-256 encryption for all database records
OAuth tokens encrypted with an additional layer of security
Encrypted backups stored in separate secure locations
Multi-layered access controls ensure only authorized users can access your data.
OAuth 2.0: Secure authentication via GitHub, GitLab, and Bitbucket
Row-Level Security (RLS): Database-level access policies enforce data isolation
Secure Access Control: Protected access to your projects and data
Session Management: Automatic logout and secure session tokens
SSO Support: Enterprise customers can use their own identity provider (coming soon)
Built on trusted, secure infrastructure providers with industry-leading security practices.
Supabase: PostgreSQL database with built-in RLS and automatic backups
Vercel: Edge network deployment with DDoS protection
Isolated Environments: Separate production, staging, and development environments
Regular Backups: Automated daily backups with point-in-time recovery
Monitoring: 24/7 infrastructure monitoring and alerting
We handle your source code with the highest security standards.
Minimal Access: We only request necessary repository permissions
Read-Only by Default: AI analysis uses read-only access to your repositories
Secure Processing: Code analysis happens in isolated environments
No Training: Your code is never used to train AI models
Token Rotation: OAuth tokens can be revoked at any time from your Git provider
Proactive security measures to protect against threats.
Regular Security Audits: Third-party penetration testing and code reviews
Dependency Scanning: Automated vulnerability scanning of all dependencies
Security Updates: Rapid patching of security vulnerabilities
Employee Training: Regular security awareness training for all team members
Incident Response: Documented procedures for security incidents
Meeting industry standards and regulatory requirements.
GDPR-compliant data handling
CCPA privacy rights support
Security best practices (OWASP Top 10)
SOC 2 Type II certification
ISO 27001 certification
We welcome security researchers to help keep Tixie secure.
If you discover a security vulnerability, please report it to security@tixie.dev. We ask that you:
Provide detailed steps to reproduce the vulnerability
Give us reasonable time to address the issue before public disclosure
Avoid accessing or modifying other users' data
We'll acknowledge your report within 24 hours and provide updates as we work on a fix.
Our team is here to address your security concerns and discuss enterprise security requirements.