Security

diffray is designed with security as a core principle. We understand that code review requires access to your source code, and we take that responsibility seriously.

How We Handle Your Code

Temporary Processing

Your code is never stored permanently. Here's what happens during a review:

Clone — We create a temporary clone of your repository
Analyze — AI reviews the changes in the pull request
Delete — The clone is deleted after the review completes

No code is retained after the review process ends.

Ephemeral Environment

Each review runs in a completely ephemeral environment — a fresh isolated container is created specifically for your review request and fully destroyed when the review completes.

This means:

No persistent storage — no code remains after the review
Fresh environment every time — no code or data from other reviews
Complete isolation — cannot access other customers' data
No network access except to GitHub and AI services
Immediate destruction — container and all data are wiped upon completion

There is no way for code to persist between reviews or be accessed after the process ends.

Your Code, Your Rights

You retain all ownership rights to your code
diffray receives a license solely to provide the service
We will not use your code to train AI models
We will not share your code with other customers

Data We Collect

From GitHub

Repository names and metadata
Pull request data and source code (during review only)
Review results (issues found by diffray)

From You

GitHub credentials (username, email, avatar)
Company information (if provided)
Support communications

Automatically

IP address, browser type, device data
Session cookies for authentication
Analytics data

Data Retention

Data Type	Retention
Account data	While active + 30 days after deletion
Source code	Not stored (ephemeral only)
Repository metadata	Deleted with account
Review results	30 days (visible in dashboard)
Analytics	Aggregated data may be retained indefinitely

Data Protection

Encryption

In transit — TLS/SSL encryption for all connections
At rest — Encrypted storage for all data

Authentication

Secure OAuth 2.0 authentication via GitHub
API keys are hashed and never stored in plain text

Security Practices

Regular security audits
Access controls and logging
Secure development practices

GitHub App Permissions

When you install the diffray GitHub App, it requests only the permissions necessary to function:

Permission	Purpose
Contents (read)	Access changed files for review
Pull requests (read/write)	Read PR details, post review comments
Issues (read/write)	Post review summary and interact with issues
Checks (read/write)	Create check runs for review status
Metadata (read)	Basic repository information

We follow the principle of least privilege — we only request what we need.

Infrastructure Security

diffray runs on AWS with enterprise-grade security controls at every layer.

Security Architecture

Network Isolation

VPC boundaries — All processing occurs within an isolated Virtual Private Cloud
Security groups — Each component has dedicated security groups with minimal required access
No inbound access — Worker containers have no inbound network access; only outbound to GitHub and AI services
TLS 1.2 minimum — All external connections enforce TLS 1.2 or higher

Compute Security

Serverless architecture — Lambda functions are stateless and isolated per invocation
Ephemeral containers — ECS Fargate containers are created per-review and destroyed after completion
No persistent storage — Containers have no persistent volumes; all data is in-memory
Non-root execution — Worker containers run as unprivileged node user
Resource isolation — Each review runs in its own container with dedicated CPU/memory

Least Privilege Access

Every component follows the principle of least privilege:

Component	Permissions
Webhook Lambda	Read/write reviews table, start workflow only
Worker Container	Read/write own review record, read user config only
Callback Lambda	Update review status only
Dashboard Lambda	Read user's own data only

No component has broader access than required for its specific function.

Secrets Management

AWS Secrets Manager — All secrets stored in AWS Secrets Manager with automatic encryption
KMS encryption — Secrets encrypted using AWS Key Management Service (AES-256)
No plaintext secrets — Credentials never stored in code or environment variables in plaintext
API keys hashed — User API keys stored as SHA-256 hashes, never reversible
Automatic rotation — Secrets can be rotated automatically without code changes

Data Flow Security

GitHub webhook → Signature verified using HMAC-SHA256 with webhook secret
Dashboard requests → JWT tokens validated on every request
Internal API calls → Authenticated with internal API key
AI API calls → Encrypted TLS connection to Anthropic API

Audit & Monitoring

CloudWatch Logs — All Lambda and container logs retained for 7 days
Step Functions logs — Complete workflow execution history
IAM access logging — AWS CloudTrail captures all API calls
No code in logs — Source code is never written to logs

Advanced Security Controls

VPC Endpoints — Private connectivity to AWS services without traversing public internet
AWS WAF — Web Application Firewall protects API Gateway from injection attacks and DDoS
VPC Flow Logs — Network traffic auditing for anomaly detection and forensics
Container Scanning — Automated vulnerability scanning for all Docker images before deployment
GuardDuty — AI-powered threat detection monitors for suspicious activity 24/7

Your Rights

You have the right to:

Access — Request a copy of your data
Correct — Fix inaccurate information
Delete — Request deletion of your personal data
Opt out — Unsubscribe from marketing communications

To exercise these rights, contact support@diffray.ai.

Your Responsibilities

As a user, you are responsible for:

Protecting your GitHub credentials
Notifying us immediately of any unauthorized access
Reviewing and evaluating all AI-generated suggestions before applying them

Responsible Disclosure

Found a security issue? We appreciate responsible disclosure.

Contact: support@diffray.ai

We commit to:

Acknowledging reports within 48 hours
Providing regular updates on remediation
Crediting researchers (if desired)

Frequently Asked Questions

Can diffray employees see my code?

No. Code is processed automatically and deleted after review. Our team does not have access to customer source code during normal operations.

Is my code used to train AI models?

No. Your code is never used for training AI models. We use Claude AI through Anthropic's API, which does not train on customer data.

What happens when I disconnect a repository?

Repository metadata is deleted immediately. Since we never store source code, there's nothing to delete on that front.

What happens when I delete my account?

Account data is retained for 30 days after deletion, then permanently removed.

For full details, see our Security Overview, Privacy Policy, and Terms of Service.

Have security questions? Contact us at support@diffray.ai

How We Handle Your Code​

Temporary Processing​

Ephemeral Environment​

Your Code, Your Rights​

Data We Collect​

From GitHub​

From You​

Automatically​

Data Retention​

Data Protection​

Encryption​

Authentication​

Security Practices​

GitHub App Permissions​

Infrastructure Security​

Security Architecture​

Network Isolation​

Compute Security​

Least Privilege Access​

Secrets Management​

Data Flow Security​

Audit & Monitoring​

Advanced Security Controls​

Your Rights​

Your Responsibilities​

Responsible Disclosure​

Frequently Asked Questions​

Can diffray employees see my code?​

Is my code used to train AI models?​

What happens when I disconnect a repository?​

What happens when I delete my account?​