Skip to main content

Security

Hyrax reads your source code and holds the credentials to do it. This page is the plain-language summary of how your code and data are protected. Your security team can request deeper detail — controls, sub-processors, and our data-processing agreement — through your account contact; see also Compliance.

How your data is protected

  • Your workspace is isolated. Each workspace's data is partitioned at the database level, not by application code that has to remember to filter. One workspace can't read another's data — even two workspaces auditing the same public repo get completely independent findings and history.
  • Hyrax reads your code with short-lived access. Private repos are connected through the Hyrax GitHub App. Each job mints a token that expires within the hour; Hyrax never stores long-lived personal access tokens. Public repos added by URL are cloned with no token at all.
  • Clones are ephemeral. A job clones your repo into isolated, throwaway compute, analyzes it, and deletes the working directory when the job ends — on success, failure, or cancellation. Raw source is not kept.
  • Secrets stay out of logs. Credentials are redacted from logs and error output, kept out of subprocess environments, and cleared at job end. Per-workspace integration keys (such as a ticketing key) are encrypted before they're stored.
  • Encryption everywhere. All traffic is TLS; data at rest is encrypted with managed keys.
  • Sign-in is hosted, password-free single sign-on. You authenticate with your GitHub or Google account, or a one-time code sent to your email — there's no Hyrax password to leak. Two-factor authentication is a mandatory floor on every account, satisfied automatically by your verified login email with no setup burden; you can additionally add an authenticator app (TOTP) or passkey.
  • AI output is screened. Before Hyrax writes any AI-authored text to a PR, comment, ticket, or doc, it runs through a fail-closed validator that blocks prompt-injection and exfiltration attempts. This is layered defense, not an absolute guarantee.

What Hyrax stores

Hyrax keeps the metadata of what an audit found — finding titles, descriptions, priorities, categories, and the file locations they point at — plus your repository and discovery context. It does not keep your source files or code snippets long-term. Per-job working data auto-expires within days.

Where your code is processed

Audits, fixes, and reviews run on Hyrax-paid, AWS-hosted AI models, and your code is sent to a model only to perform the job you asked for. Whether a model provider retains inputs is governed by that provider's data policy — Hyrax does not make an independent "never used for training" claim, so if that matters to your review, the model provider's data terms are the relevant commitment.

Deleting your data

Removing a workspace is a deliberate two-step flow:

  • Disable is reversible. It revokes sign-in sessions and stored credentials, pauses integrations, cancels running jobs, and starts a grace period (about 30 days) during which your data survives and the workspace can be restored.
  • Purge is the permanent step. It erases your workspace's data, job artifacts, and stored secrets. A minimal, tamper-evident deletion receipt is retained so the deletion itself is provable.

Public repositories

You can add a public repository by URL without installing the GitHub App. Those repos are cloned anonymously and are read-only — Hyrax can audit, profile, and review them, but can't open pull requests or comment until the App is installed on the org. See Public & private repositories.

Reporting a security issue

Found a vulnerability? Report it to security@hyrax.dev. We acknowledge reports within one business day and give an initial assessment within five. Please hold public disclosure until a fix ships.