Security

At Afelyon, security is our top priority. We implement industry-leading practices to protect your code, data, and infrastructure.

Last updated: January 2025

Data Protection

Encryption at Rest and in Transit

All data is encrypted using industry-standard AES-256 encryption at rest and TLS 1.3 for data in transit. Your code and sensitive information are never stored in plain text.

Code Repository Security

We use OAuth 2.0 for GitHub authentication and never store your repository credentials. Access tokens are encrypted and stored securely with automatic rotation policies.

Data Isolation

Each customer's data is logically isolated with strict access controls. Your codebase is processed in isolated environments and never shared with other customers.

Data Retention

We retain your data only as long as necessary to provide our services. You can request data deletion at any time, and we will permanently remove your information within 30 days.

Infrastructure Security

Secure Cloud Infrastructure

Afelyon runs on enterprise-grade cloud infrastructure with a 99.9% uptime SLA. Our servers are hosted in SOC 2 Type II certified data centers with 24/7 monitoring.

Network Security

We implement defense-in-depth strategies including firewalls, intrusion detection systems, and DDoS protection to safeguard our infrastructure.

Regular Security Audits

Our systems undergo quarterly security audits and penetration testing by independent third-party security firms to identify and remediate vulnerabilities.

Continuous Monitoring

We maintain 24/7 security monitoring with automated alerting for suspicious activities, unauthorized access attempts, and potential security threats.

Access Control

Multi-Factor Authentication

We support and encourage the use of multi-factor authentication (MFA) for all user accounts to add an extra layer of security.

Role-Based Access Control

Fine-grained permissions ensure team members only have access to the resources they need. Admins can manage user roles and permissions centrally.

Audit Logs

Comprehensive audit logs track all user activities, API calls, and system events. Logs are immutable and retained for compliance purposes.

Session Management

Automatic session timeouts and secure session handling protect against unauthorized access. Sessions are invalidated immediately upon logout.

Compliance & Standards

SOC 2 Type II

Afelyon is SOC 2 Type II compliant, demonstrating our commitment to security, availability, and confidentiality controls.

GDPR Compliance

We are fully compliant with the General Data Protection Regulation (GDPR), ensuring proper handling of EU citizen data with rights to access, rectification, and erasure.

CCPA Compliance

Afelyon complies with the California Consumer Privacy Act (CCPA), providing transparency and control over personal information for California residents.

ISO 27001

Our information security management system follows ISO 27001 best practices for systematic security management.

AI Model Security

Claude AI Integration

We use Anthropic's Claude AI with enterprise-grade security. Your code is processed securely and is not used to train AI models without explicit consent.

Data Privacy

Code analyzed by our AI is processed in memory and not persisted beyond the session. We implement strict data retention policies for AI processing.

Prompt Injection Protection

Our AI pipeline includes safeguards against prompt injection attacks and malicious input to ensure generated code is safe and secure.

Responsible Disclosure Policy

We take security vulnerabilities seriously and appreciate the security research community's efforts in helping us maintain the highest security standards.

Reporting Security Vulnerabilities

If you discover a security vulnerability, please report it to us privately. We are committed to working with security researchers to verify and address security issues promptly.

How to Report

security@afelyon.com

Please include detailed information about the vulnerability, steps to reproduce, and potential impact in your report.

Our Commitment

  • We will acknowledge receipt of your report within 48 hours
  • We will provide an estimated timeline for fixing the vulnerability
  • We will notify you when the vulnerability has been fixed
  • We will publicly acknowledge your responsible disclosure (with your permission)

Safe Harbor

We will not pursue legal action against researchers who discover and report vulnerabilities in good faith, following coordinated disclosure practices.

Employee Security

Background Checks

All employees with access to customer data undergo thorough background checks as part of our hiring process.

Security Training

Employees receive regular security awareness training covering data handling, phishing prevention, and security best practices.

Principle of Least Privilege

Internal access to customer data is strictly limited to employees who need it to perform their job functions, with comprehensive logging.

Confidentiality Agreements

All team members sign strict confidentiality agreements and are bound by our security policies and procedures.

Our Security Commitment

At Afelyon, security is our top priority. We employ industry-leading practices to protect your data.
