Security

We take the security of your code seriously. Learn about the measures we take to protect your data.

  • Encryption: All data is encrypted at rest using AES-256 and in transit using TLS 1.3.
  • Code Privacy: Your code is processed in memory and never stored. Only review results are retained.
  • Infrastructure: Hosted on SOC 2 Type II certified infrastructure with 24/7 monitoring.
  • Access Control: Role-based access control and audit logs for all administrative actions.
  • Vulnerability Testing: Regular penetration testing and vulnerability assessments by third parties.
  • Compliance: GDPR compliant with data processing agreements available on request.

How We Protect Your Code

When you connect a repository to CodeLens, we only access the code necessary to perform reviews. We do not store your source code on our servers. Code is processed in isolated, ephemeral containers that are destroyed after each review.

Review results, comments, and suggestions are stored securely but do not contain complete source code. We use tokenization and reference-based storage to minimize data exposure.

Authentication & Access

We support secure authentication methods including:

  • OAuth 2.0 integration with GitHub, GitLab, and Bitbucket
  • Two-factor authentication (2FA) for all accounts
  • Single Sign-On (SSO) for Enterprise plans
  • API keys with granular permissions and expiration

Data Centers

Our infrastructure is hosted in secure, SOC 2 Type II certified data centers. We use multiple availability zones to ensure high availability and data redundancy. All data centers are located in the United States and European Union.

Incident Response

We have a comprehensive incident response plan in place. In the event of a security incident, we will notify affected customers within 72 hours as required by GDPR. Our security team is available 24/7 to respond to potential threats.

Responsible Disclosure

We welcome security researchers to report vulnerabilities through our responsible disclosure program. Please report security issues to security@codelens.dev. We commit to acknowledging reports within 24 hours and providing updates on remediation progress.

Questions?

If you have questions about our security practices or need additional documentation for your compliance requirements, please contact our security team at security@codelens.dev.