Google Gemini Hackathon 2026 Submission·Try it live
Security & Trust

Built for
Enterprise Trust

Security, transparency, and compliance designed in from day one. Your code and customer data are protected at every step.

Security by design

Trust signals that matter for engineering teams and security-conscious organizations

No production secrets required

Demo mode never asks for production credentials. Run safely on sample repositories without exposing sensitive data.

Coming soon

Least-privilege GitHub access

GitHub OAuth and App integrations use minimal permissions. Only request access to specific repositories you choose.

Deletable run artifacts

All pipeline runs and artifacts are stored per-run. Delete any run and its complete artifact pack at any time.

Roadmap

Self-host & on-premise options

Deploy Growpad within your infrastructure for complete control over data, execution, and compliance.

Complete audit trail

Every decision, code change, and test result is logged with timestamps and evidence links for full traceability.

In development

Policy engine & permissions

Define what actions the pipeline can take, set retry limits, and control which tools are allowed per repository.

Compliance & governance

Enterprise-grade practices for data protection, privacy, and auditability

Data minimization

We only store what's necessary for pipeline execution and artifact generation.

No training on your code

Your code and customer evidence are never used to train AI models.

Encryption at rest & in transit

All data is encrypted using industry-standard protocols (TLS 1.3, AES-256).

Isolated execution environments

Each pipeline run executes in an isolated sandbox with limited network access.

Audit log export

Export complete audit logs for compliance reporting and internal reviews.

SOC 2 compliance path

Enterprise plan includes SOC 2 Type II compliance documentation.

Complete transparency

Every pipeline run includes a complete artifact pack with evidence maps, decision logs, code diffs, and test results. You can trace every line of generated code back to the original customer evidence.

Evidence → PRD traceability
PRD → Ticket mapping
Ticket → Code diff links
Test results with full logs
Retry attempts and outcomes
Timestamp and metadata for all actions

Have security questions?

We're happy to discuss your specific security requirements, compliance needs, or self-hosting options.

Contact Security Teamsecurity@growpad.co