Security & Data Protection
Your intellectual property and sensitive data are protected with enterprise-grade security. We collect only metadata—never your source code or ticket content.
Core Security Principles
Metadata Only
We never access your source code, ticket descriptions, or comments. Only metadata like timestamps, titles, and metrics.
Encrypted at Rest
All data is encrypted using industry-standard AES-256 encryption in our secure database.
Encrypted in Transit
All communications use TLS 1.3+ encryption to protect data during transmission.
OAuth 2.0 Authentication
Secure, token-based authentication. We never store your GitHub or Jira passwords.
What Data We Collect
From GitHub
✅ We Collect:
- • Pull request titles and numbers
- • Commit messages (first 500 characters)
- • Author usernames and timestamps
- • PR merge/open dates
- • Lines added/deleted (counts only)
- • File change counts
- • Review and comment counts
- • Branch names
❌ We Never Access:
- • Source code content
- • File contents or diffs
- • Code review comments
- • Private repository code
- • Commit diffs or patches
- • Issue descriptions or comments
From Jira/Atlassian
✅ We Collect:
- • Issue keys and titles
- • Status and status transitions
- • Assignee names
- • Created/updated timestamps
- • Issue type and priority
- • Story points
- • Sprint information
- • Labels and epic links
❌ We Never Access:
- • Issue descriptions
- • Comments or discussions
- • Attachments or files
- • Custom field values (except story points)
- • Confidential ticket content
- • Internal notes
Data Protection Measures
Access Controls
Role-based access control (RBAC) ensures team members only see data relevant to their organization. Organization data is completely isolated—no cross-organization data access.
Minimal Permissions
Our GitHub App and Jira integration request only the minimum permissions required for metadata collection. We use read-only access wherever possible.
Data Retention
Activity data is retained for analytical purposes. You can request data deletion at any time. Upon account deletion, all associated data is permanently removed within 30 days.
Regular Security Audits
We conduct regular security reviews and dependency updates to protect against vulnerabilities. All third-party integrations are vetted for security compliance.
Infrastructure Security
Hosting & Infrastructure
- Hosted on enterprise-grade cloud infrastructure (Vercel, AWS)
- Automatic security patches and updates
- DDoS protection and rate limiting
- 99.9% uptime SLA
Database Security
- PostgreSQL with encryption at rest
- Automated daily backups
- Point-in-time recovery capability
- Network isolation and firewall protection
Security Standards & Compliance
GDPR Ready
We follow GDPR principles for EU users. You have the right to access, correct, or delete your personal data. Contact us at privacy@velocinator.com to exercise your rights.
Industry Best Practices
We follow industry-standard security practices including encryption, access controls, regular security updates, and secure development practices. Enterprise customers can request our security documentation.
Future Certifications
As we grow, we plan to pursue SOC 2 Type II and ISO 27001 certifications to meet enterprise compliance requirements. Contact our sales team if you have specific compliance needs.
Your Rights & Controls
Right to Access: Request a copy of all data we hold about you.
Right to Deletion: Request permanent deletion of your data at any time.
Right to Portability: Export your data in a machine-readable format.
Right to Disconnect: Revoke integration access at any time through your dashboard.
Questions About Security?
Our security team is here to address any concerns. We're happy to provide additional documentation for your legal and compliance review.
Last updated: January 30, 2026