Your code stays with you

Security and privacy aren't features we added. They're how the system was designed from day one.

How LocalGit works

Most engineering analytics tools require access to your source code. We don't. LocalGit is a lightweight agent that runs on your infrastructure, analyzes code locally, and sends only metadata to Gitrevio.

# What stays with you
Source code → never leaves your servers
File contents → never leaves your servers
Credentials → never leaves your servers
# What we receive
Cyclomatic complexity scores
Lines of code per file (counts only)
File names and directory structure
Code quality metrics
Language and file type classification

Customer-staff data isolation

Gitrevio employees cannot read your data by default. We enforce two-axis isolation: customer-vs-customer (per-PostgreSQL-role tenant binding — separate writer and reader roles per customer, enforced at the database engine, not application logic) and customer-vs-Gitrevio-staff (zero default privilege). This isn't a policy — it's enforced at the database level.

# Central staff access — default state
Customer DB privilege: NONE
Reader role: customer-bound only
Writer role: customer-bound only
Gitrevio staff: zero access
# Support access workflow
1. Customer submits support ticket
2. Customer admin grants time-limited access
3. Scoped credential created: SELECT only
4. Every query logged in audit log
5. Auto-revokes at expiration
6. Email notification at start, hourly, and end

Support access requires an explicit time-limited grant from your admin. When your team needs help, your admin toggles access for a specific window — 4 hours, for example. Our engineer gets a temporary PostgreSQL role with SELECT-only permissions that expires automatically.

Every query is double-logged. Both your customer audit log and our central audit log record what was accessed, when, and by whom. Your admin sees real-time support sessions in progress and can revoke access early at any time.

AI queries run through read-only SQL users. Customer database credentials are stored encrypted in our central secrets table. No shared-access shortcuts, no backdoors.
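The role model described above (per-customer reader and writer roles, a default-deny posture for staff, and a SELECT-only support role that expires on its own), as an added PostgreSQL example. This is not Gitrevio's own schema or DDL: it assumes one schema per customer (here cust_acme), and the role names, the database name gitrevio, ticket number 4821 and the 4-hour window are all chosen for illustration.

```sql
-- Added illustration of the two-axis isolation model. Not Gitrevio's real DDL.
-- Assumptions: one schema per customer (cust_acme), database "gitrevio",
-- role names, ticket id 4821 and the 4-hour window are invented for this example.

-- Default deny: strip the privileges every role would otherwise inherit via PUBLIC.
REVOKE ALL ON SCHEMA public FROM PUBLIC;
REVOKE CONNECT ON DATABASE gitrevio FROM PUBLIC;

-- Tenant schema and its two non-login group roles.
CREATE SCHEMA cust_acme;
CREATE ROLE cust_acme_reader NOLOGIN;
CREATE ROLE cust_acme_writer NOLOGIN;

GRANT CONNECT ON DATABASE gitrevio TO cust_acme_reader, cust_acme_writer;
GRANT USAGE   ON SCHEMA cust_acme   TO cust_acme_reader, cust_acme_writer;
GRANT SELECT  ON ALL TABLES IN SCHEMA cust_acme TO cust_acme_reader;
GRANT SELECT, INSERT, UPDATE, DELETE
              ON ALL TABLES IN SCHEMA cust_acme TO cust_acme_writer;
GRANT USAGE   ON ALL SEQUENCES IN SCHEMA cust_acme TO cust_acme_writer;

-- Tables and sequences created later by the role running this script
-- (the schema owner) pick up the same grants automatically.
ALTER DEFAULT PRIVILEGES IN SCHEMA cust_acme
    GRANT SELECT ON TABLES TO cust_acme_reader;
ALTER DEFAULT PRIVILEGES IN SCHEMA cust_acme
    GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO cust_acme_writer;
ALTER DEFAULT PRIVILEGES IN SCHEMA cust_acme
    GRANT USAGE ON SEQUENCES TO cust_acme_writer;

-- Login identities: the AI query path inherits the reader role, ETL the writer.
-- Passwords are set out of band from the secrets store, not embedded in DDL.
CREATE ROLE ai_query_acme LOGIN IN ROLE cust_acme_reader;
CREATE ROLE etl_acme      LOGIN IN ROLE cust_acme_writer;
-- Neither role holds any grant on another tenant's schema, so a cross-tenant
-- SELECT is refused by the engine before any application code runs.

-- Support access: created only when the customer admin grants a window.
-- VALID UNTIL takes a literal, so compute the expiry and splice it in.
DO $$
DECLARE
    expires timestamptz := now() + interval '4 hours';
BEGIN
    EXECUTE format('CREATE ROLE support_acme_t4821 LOGIN VALID UNTIL %L', expires);
END
$$;

GRANT CONNECT ON DATABASE gitrevio TO support_acme_t4821;
GRANT USAGE   ON SCHEMA cust_acme   TO support_acme_t4821;
GRANT SELECT  ON ALL TABLES IN SCHEMA cust_acme TO support_acme_t4821;
-- Deliberately absent: any DML grant, writer membership, any other tenant's schema.

-- Server-side half of the double log: record every statement this role runs.
ALTER ROLE support_acme_t4821 SET log_statement = 'all';
ALTER ROLE support_acme_t4821 SET log_min_duration_statement = 0;

-- Revocation (early, or at expiry). VALID UNTIL only blocks NEW password logins,
-- so an already-open session has to be terminated explicitly.
ALTER ROLE support_acme_t4821 NOLOGIN;
SELECT pg_terminate_backend(pid)
  FROM pg_stat_activity
 WHERE usename = 'support_acme_t4821';
DROP OWNED BY support_acme_t4821;   -- also revokes every privilege it was granted
DROP ROLE support_acme_t4821;
```

Two caveats worth checking in any deployment of this pattern. First, VALID UNTIL governs password authentication only; if support engineers connect with client certificates or peer auth, the expiry is not enforced by the password check, which is why the teardown above revokes grants and kills sessions rather than relying on the timestamp. Second, role grants isolate tenants when each tenant's data sits in its own schema or tables; if tenants share a table with a tenant-id column, the engine-level equivalent is row-level security (ALTER TABLE ... ENABLE ROW LEVEL SECURITY plus a CREATE POLICY keyed on the role), and the same default-deny and SELECT-only discipline applies.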

Why this matters for procurement

Regulated industries — banks, healthcare, government contractors — require attestation that vendor employees cannot access customer data. Gitrevio's architecture satisfies this requirement by design, not by policy document.

Every access grant creates an auditable record with ticket reference, granting user, scope level, timestamps, and full query log — ready for your compliance team.

Security practices

Encryption in transit

All data transmitted over TLS 1.3. No exceptions.

Encryption at rest

Customer credentials encrypted with AES-256-GCM. Database storage encrypted by the underlying engine.

Tenant isolation

Per-PostgreSQL-role isolation. Each customer has dedicated writer and reader roles, scoped to its data — cross-customer reads impossible at the database engine layer.

API key handling

Keys SHA-256 hashed at rest. Plain-text shown once at creation, never recoverable. Rotate, don't recover.

Audit log

Every API and MCP tool call logged with PII-redacted parameters. Surfaced via /api/v1/audit. SIEM export on the Q1 2027 roadmap.

Minimal permissions

We use read-only Personal Access Tokens for your git hosting and issue trackers. We never ask for write permissions.

Role-based access

AI queries run through per-customer reader roles — SELECT only on customer-scoped data. Admin access limited to ETL processes.

European infrastructure

Data processed and stored in EU data centers today. EU-only data residency tier ships Q4 2026 for regulated industries.

Ready to see your engineering work clearly?

Contact us