Zero Source Code Retention

Upload. Analyze. Delete. We only keep the insights, never your code.

  • Upload: TLS 1.3
  • Temp Storage: Encrypted S3
  • Analyze: Isolated Container
  • DELETE CODE: Automatic
  • Results Only: What we keep

What We Store

Complete transparency about your data

Never Stored

  • Source code files
  • File contents
  • Business logic
  • Secrets or credentials
  • Git history

Stored (Analysis Results)

  • Findings (bugs, vulnerabilities)
  • File names + line numbers
  • Recommendations
  • Scores + verdict
  • Account info (if signed in)

Infrastructure Security

Enterprise-grade protection at every layer

Platform

Railway infrastructure with SOC 2 compliance

Encryption

TLS 1.3 in transit, AES-256 at rest

Access

No employee access to source code

Network

OWASP protected, rate limited

Delete-First Architecture

Deletion is built into our core code path

worker/analyze.py
try:
    # Analyze the uploaded codebase
    results = await analyze_codebase(workspace.path)
    report = generate_report(results)

finally:
    # ALWAYS delete source code - guaranteed to run
    workspace.cleanup()  # Delete extracted files
    await delete_source_artifact(artifact_uri)  # Delete ZIP from S3

The finally block ensures deletion runs even if analysis fails.
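
An added example, not ProdSensor's code: in the snippet above the two deletions run one after the other inside a single finally block, so an exception from the first would skip the second. This sketch attempts each cleanup step independently and writes a timestamped audit event per step; `run_with_cleanup`, the in-memory `store` standing in for S3, and the failing stand-ins are constructed assumptions.

```python
import asyncio
from datetime import datetime, timezone

def _event(step, status, detail=""):
    # Timestamped audit record; it carries no file contents.
    return {"ts": datetime.now(timezone.utc).isoformat(),
            "step": step, "status": status, "detail": detail}

async def run_with_cleanup(analyze, cleanup_steps, audit):
    """Run analyze(), then attempt EVERY cleanup step, even when the
    analysis or an earlier step raised. Returns (report, failed_steps)."""
    report, failed = None, []
    try:
        report = await analyze()
    except Exception as exc:
        audit.append(_event("analysis", "failed", repr(exc)))
    finally:
        for name, step in cleanup_steps:
            try:
                await step()
                audit.append(_event(name, "deleted"))
            except Exception as exc:  # one failure must not skip the rest
                failed.append(name)
                audit.append(_event(name, "delete_failed", repr(exc)))
    return report, failed

# --- constructed stand-ins, not the real worker or an S3 client ---
async def failing_analysis():
    raise RuntimeError("parser crashed")

async def broken_workspace_cleanup():
    raise OSError("directory busy")

def demo():
    key = "uploads/job-1.zip"            # constructed object key
    store = {key: b"constructed bytes"}  # in-memory stand-in for the bucket
    audit = []

    async def delete_artifact():
        store.pop(key, None)
        if key in store:                 # confirm the object is really gone
            raise RuntimeError("object still present")

    steps = [("workspace", broken_workspace_cleanup),
             ("artifact", delete_artifact)]
    report, failed = asyncio.run(run_with_cleanup(failing_analysis, steps, audit))
    return report, failed, store, audit

if __name__ == "__main__":
    print(demo())
```

A finally block does not run if the worker process is killed outright (for example by SIGKILL or an out-of-memory kill), so a storage-side expiry rule on the temporary bucket is a useful backstop.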

Security FAQ

Answers to common enterprise concerns

What if hackers breach your servers before my code is deleted?

Your code exists only for 30-120 seconds during analysis. Even then, it's stored in encrypted S3 (AES-256), processed in isolated containers with no human access possible, and protected by Railway's SOC 2 infrastructure. The attack window is extremely narrow with multiple security layers.

How can I verify my code was deleted?

Deletion is logged with timestamps in our audit system, executed in a finally block (guaranteed to run even on errors), and S3 deletion confirmation is verified. We're building a verification API so you can confirm deletion programmatically.

Do you use my code to train AI models?

Absolutely not. Your code is analyzed for issues, then deleted. It is never used for training, never shared with third parties, and never retained beyond the analysis window.

What about analysis results - could they leak proprietary info?

Results contain only finding descriptions ("N+1 query detected"), file paths and line numbers, and generic recommendations. They do NOT contain actual code snippets, business logic, or algorithms.

Is ProdSensor SOC 2 certified?

We're building toward SOC 2 Type II certification. Our infrastructure provider (Railway) is SOC 2 compliant, and we follow SOC 2 principles: encryption everywhere, strict access controls, and audit logging.

Can I get a DPA for my company?

Yes, enterprise customers can request a custom Data Processing Agreement. Contact us at hello@prodsensor.com to discuss your requirements.

Enterprise Security Questions?

Need a security questionnaire completed, custom DPA, or want to discuss enterprise deployment options? We're here to help.
