Security

Tokens AES-256 encrypted, you control per-repo, revoke anytime.

Military-Grade Encryption

Tokens are AES-256 encrypted before they hit the database. We use Galois/Counter Mode (GCM) for authenticated encryption, ensuring your credentials are mathematically safe from tampering and exposure.

Per-Repo Control

You selectively enable monitoring for each repository. We only configure webhooks and process commits for the specific repositories you choose. Nothing is monitored until you explicitly enable it.

Zero Lock-in

Connect and disconnect anytime. You can revoke GitHub or any social platform access with one click from our dashboard, or directly from your platform's linked apps settings.

What we access

Commit messages and file change summaries (additions/deletions) so the AI can write accurate posts
OAuth tokens to publish on your behalf (AES-256-GCM encrypted at rest)
Your generated posts, changelog entries, and brand voice preferences

What we never access

Your full source code — we never clone your repository or read complete files
Your private files or directory structure
Passwords, API keys, or secrets from your code

Data retention

Active accounts: data retained until you delete your account
Disconnected platforms: tokens deleted immediately
Deleted account: all data removed immediately upon deletion