Security & Privacy

Your code and data are protected with enterprise-grade security

Data Protection

  • Tenant Isolation: All data is strictly isolated by tenant. Your code and review results are never accessible to other tenants.
  • Encryption in Transit: All API communications use TLS 1.3 encryption.
  • Encryption at Rest: Sensitive data such as GitLab tokens and webhook secrets are encrypted in the database.
  • No Code Storage: Your source code is processed in memory only. We never store your code permanently.

Authentication & Access

  • JWT-Based Authentication: Secure token-based authentication with configurable expiration.
  • Role-Based Access: Support for owner, admin, and member roles with granular permissions.
  • Webhook Security: Each tenant has a unique webhook secret for secure GitLab integration.
  • Password Security: Passwords are hashed using industry-standard algorithms (SHA-256, with plans for bcrypt/Argon2).

Infrastructure

  • Hosting: Deployed on Railway with enterprise-grade infrastructure.
  • Database: PostgreSQL with automated backups and point-in-time recovery.
  • Monitoring: Comprehensive logging and monitoring for security events.
  • Compliance: Regular security audits and compliance reviews.

Reporting Security Issues

If you discover a security vulnerability, please report it to security@quickiter.com. We take security seriously and will respond promptly.

Please do not publicly disclose vulnerabilities until we have had a chance to address them.