
Security at the core. Audited by default.

Every agent runs in its own VM. Every request crosses a zero-trust boundary. Every action is logged, reviewable, and reversible.

Request path: L1 customer browser → L2 edge / CDN → L3 API gateway → L4 workers / orchestration → L5 sandboxes → L6 database / storage. Every hop is zero-trust and audited.
Certifications & frameworks

Audited, documented, accountable.

Where we stand today - and where we are heading. Status is updated as audits progress. Attestation letters available on request.

In progress

SOC 2 Type II

Type I controls mapped; Type II observation window underway with an independent CPA firm.

Roadmap

ISO 27001

Statement of Applicability drafted. Formal certification scheduled once SOC 2 Type II lands.

Compliant

GDPR

EU-based processing options, DPA available, lawful basis documented per processing activity.

On request

HIPAA

BAA and HIPAA-aligned controls available for healthcare customers on enterprise plans.

Annual

Penetration testing

Third-party black-box and grey-box testing each year. Findings tracked to closure in our SDLC.

Compliant

Encryption everywhere

TLS 1.3 in transit, AES-256 at rest, customer-managed key option on enterprise plans.

Architecture

Defense in depth, one layer per concern.

Each layer has its own threat model and its own controls. No single failure exposes customer data.

L1 Browser: TLS 1.3, HSTS, CSP
L2 Edge / CDN: DDoS protection, WAF, bot mitigation
L3 API gateway: JWT with short TTL, RBAC, rate limits
L4 Workers: per-job tokens, signed payloads, audit log
L5 Sandboxes: per-agent VM, egress allowlist, no persistent state
L6 Database: AES-256 at rest, PITR backups, key rotation

Request path, top to bottom: defense in depth.
step 01

Identity is verified at the edge and re-verified at every internal hop. Caller identity tokens are short-lived, scoped to a single action, and never reach the sandbox; a sandbox only ever holds its own per-run credential.
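
As an added illustration (not CodeCourier's code), here is the shape of a per-run, per-action token and the check every internal hop would run on it before acting. The HMAC-SHA256 scheme, the claim names, the 15-minute TTL (taken from the sandbox diagram further down this page) and the demo key are all assumptions; a real deployment would sign with a KMS-held key and would normally use a standard JWT library rather than hand-rolled encoding.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// TokenTTL is the 15-minute lifetime shown on the sandbox diagram.
const TokenTTL = 15 * time.Minute

// Claims binds a token to one workspace, one run and one action.
// Field names are illustrative, not CodeCourier's actual format.
type Claims struct {
	Workspace string `json:"ws"`
	RunID     string `json:"run"`
	Action    string `json:"act"`
	IssuedAt  int64  `json:"iat"`
	ExpiresAt int64  `json:"exp"`
}

func sign(key []byte, payload string) string {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(payload))
	return base64.RawURLEncoding.EncodeToString(mac.Sum(nil))
}

// Mint issues a token for a single run and action, valid for TokenTTL.
func Mint(key []byte, workspace, runID, action string, now time.Time) (string, error) {
	body, err := json.Marshal(Claims{
		Workspace: workspace, RunID: runID, Action: action,
		IssuedAt: now.Unix(), ExpiresAt: now.Add(TokenTTL).Unix(),
	})
	if err != nil {
		return "", err
	}
	payload := base64.RawURLEncoding.EncodeToString(body)
	return payload + "." + sign(key, payload), nil
}

// Verify is what every internal hop runs before acting: signature first,
// then expiry, then that the scope matches exactly what this hop is about
// to do. A token minted for repo:read must not authorise repo:write.
func Verify(key []byte, token, workspace, action string, now time.Time) (*Claims, error) {
	payload, sig, ok := strings.Cut(token, ".")
	if !ok {
		return nil, errors.New("malformed token")
	}
	if !hmac.Equal([]byte(sig), []byte(sign(key, payload))) {
		return nil, errors.New("bad signature")
	}
	body, err := base64.RawURLEncoding.DecodeString(payload)
	if err != nil {
		return nil, errors.New("malformed payload")
	}
	var c Claims
	if err := json.Unmarshal(body, &c); err != nil {
		return nil, errors.New("malformed payload")
	}
	if !now.Before(time.Unix(c.ExpiresAt, 0)) {
		return nil, errors.New("token expired")
	}
	if c.Workspace != workspace || c.Action != action {
		return nil, errors.New("token not scoped for this workspace/action")
	}
	return &c, nil
}

func main() {
	key := []byte("constructed-demo-key-do-not-use-in-prod") // stand-in for a KMS-held signing key
	now := time.Now()
	tok, _ := Mint(key, "ws_acme", "run_42", "repo:read", now)
	for _, try := range []struct {
		ws, act string
		at      time.Time
	}{
		{"ws_acme", "repo:read", now.Add(5 * time.Minute)},  // valid
		{"ws_acme", "repo:write", now},                      // wrong action
		{"ws_acme", "repo:read", now.Add(TokenTTL)},         // expired
	} {
		_, err := Verify(key, tok, try.ws, try.act, try.at)
		fmt.Printf("%s %s at +%v: err=%v\n", try.ws, try.act, try.at.Sub(now), err)
	}
}
```

The same token is rejected for a different action or workspace even while still valid, and expiry is checked against the verifier's own clock, so a stolen per-run token is worth at most one action for a few minutes.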

step 02

Workloads are isolated at the hardware virtualisation boundary. Each agent gets a fresh micro-VM with its own kernel, filesystem, network namespace, and egress allowlist.

step 03

Storage is encrypted with rotating keys. Audit logs are immutable and exported to a write-once sink for forensic investigation.

Identity & access

Zero trust, by default.

Every action is authenticated, authorised, and attributable to a real principal - human or machine.

SSO (SAML / OIDC)

Bring your identity provider. Enforce single sign-on across the team workspace, with JIT provisioning supported.

SCIM provisioning

Automate user lifecycle from your IdP. Joiners, movers, and leavers reflected within minutes.

MFA enforced

TOTP and WebAuthn supported. Workspace admins can require MFA for all human principals.

RBAC + audit logs

Granular roles for owners, admins, members, and read-only. Every privileged action is logged and exportable.

Short-lived API tokens

API tokens are scoped, expiring, and rotatable. Long-lived static credentials are not issued by default.

Session lifecycle

Idle and absolute session timeouts. Admins can revoke any active session from the workspace dashboard.

Data protection

Your code, your data, your control.

We hold customer data with the same posture you would: encrypt by default, minimise retention, prove deletion.

01

All data is encrypted in transit with TLS 1.3 and at rest with AES-256. Encryption keys are managed by a dedicated KMS with rotation enforced on a quarterly cadence.

02

Primary processing happens in the EU by default. US, UK, and customer-specified regions are available on enterprise plans. Data residency is contractually documented.

03

Operational logs are retained for 30 days. Customer-generated artefacts follow the retention policy you configure per workspace, with a hard upper bound enforced by the platform.

04

On termination, we complete cryptographic erasure within 30 days and deliver a written deletion certificate on request. Backups age out under the same policy.

Data lifecycle: customer data (step 1) → encrypted volume (step 2) → retained 30 days (step 3) → cryptographic erasure (end). Encrypted, auditable, reversible.
Isolation

One VM per agent. Always.

Sandboxes are the hard boundary between an agent and the rest of the world - and between one customer and the next.

Every agent run launches in a fresh micro-VM with its own kernel, filesystem, and network namespace. There is no shared mutable state between sandboxes.

Network egress is allowlist-only and every attempt is recorded. The sandbox has no route to internal CodeCourier services or to another customer's resources: those destinations do not exist in its network namespace's routing table.
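
As an added example (not the platform's actual implementation), this is the decision an egress allowlist has to make for every connection attempt, including the part that is easy to get wrong: checking the resolved address as well as the hostname, so that a permitted name which resolves to a private or link-local address (the cloud metadata endpoint, for instance) still fails closed. The policy format, the hostnames and the addresses are constructed for the demo.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// Policy is one run's egress allowlist: host patterns plus permitted ports.
// A pattern is an exact host or "*.suffix"; "*.pythonhosted.org" matches
// "files.pythonhosted.org" but not "pythonhosted.org" itself.
type Policy struct {
	Hosts []string
	Ports map[uint16]bool
}

// Decision is the record written to the egress log for every attempt.
type Decision struct {
	Host    string
	Addr    string
	Port    uint16
	Allowed bool
	Reason  string
}

func (d Decision) String() string {
	verdict := "DENY"
	if d.Allowed {
		verdict = "ALLOW"
	}
	return fmt.Sprintf("egress %s host=%s addr=%s port=%d reason=%q",
		verdict, d.Host, d.Addr, d.Port, d.Reason)
}

func hostMatches(pattern, host string) bool {
	host = strings.TrimSuffix(strings.ToLower(host), ".")
	pattern = strings.ToLower(pattern)
	if strings.HasPrefix(pattern, "*.") {
		suffix := pattern[1:] // ".pythonhosted.org"
		return len(host) > len(suffix) && strings.HasSuffix(host, suffix)
	}
	return host == pattern
}

// isInternal fails closed on loopback, RFC 1918 / ULA, link-local (which
// covers the cloud metadata address), multicast and unspecified addresses,
// so a public hostname that resolves to an internal address is still denied.
func isInternal(a netip.Addr) bool {
	a = a.Unmap()
	return a.IsLoopback() || a.IsPrivate() || a.IsLinkLocalUnicast() ||
		a.IsLinkLocalMulticast() || a.IsMulticast() || a.IsUnspecified()
}

// Evaluate decides one connection attempt after DNS resolution. The resolved
// address is checked, not just the name, which closes the rebinding gap.
// The caller logs the Decision whether or not it was allowed.
func (p Policy) Evaluate(host, addr string, port uint16) Decision {
	d := Decision{Host: host, Addr: addr, Port: port}
	ip, err := netip.ParseAddr(addr)
	switch {
	case err != nil:
		d.Reason = "unparseable destination address"
	case isInternal(ip):
		d.Reason = "destination is internal or special-purpose"
	case !p.Ports[port]:
		d.Reason = "port not in allowlist"
	default:
		for _, pat := range p.Hosts {
			if hostMatches(pat, host) {
				d.Allowed, d.Reason = true, "matched "+pat
				return d
			}
		}
		d.Reason = "host not in allowlist"
	}
	return d
}

func main() {
	// Constructed policy: two package registries over HTTPS only.
	p := Policy{
		Hosts: []string{"registry.npmjs.org", "*.pythonhosted.org"},
		Ports: map[uint16]bool{443: true},
	}
	// Constructed attempts; the addresses are illustrative, not live resolutions.
	for _, t := range []struct {
		host, addr string
		port       uint16
	}{
		{"registry.npmjs.org", "104.16.0.1", 443},
		{"files.pythonhosted.org", "151.101.0.1", 443},
		{"pythonhosted.org", "151.101.0.1", 443},
		{"registry.npmjs.org", "104.16.0.1", 80},
		{"registry.npmjs.org", "10.0.0.5", 443},
		{"metadata.internal", "169.254.169.254", 80},
	} {
		fmt.Println(p.Evaluate(t.host, t.addr, t.port))
	}
}
```

The ordering matters: the address class is checked before the port or host, so an allowlisted name pointed at 10.0.0.5 is denied as internal rather than allowed as a host match, and every branch produces a log line, since a denied attempt is exactly the signal a prompt-injected agent would generate.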

When the run ends, the VM is destroyed. Snapshots are encrypted and namespaced to the originating workspace; they cannot be mounted by anyone else.

Agent A · sandbox-7f3e2: fs/ ext4 (encrypted); token per-run, 15 min TTL; egress allowlist, logged
Agent B · sandbox-91ab0: fs/ ext4 (encrypted); token per-run, 15 min TTL; egress allowlist, logged
Isolated by design.
Network & infrastructure

Hardened infra, audited continuously.

Production runs on tier-one cloud providers with multi-region redundancy and continuous attack-surface monitoring.

Multi-region cloud

Tier-one cloud providers with primary and standby regions. Documented RPO and RTO for each tier.

DDoS protection

Layer 3, 4, and 7 protection at the edge. Adaptive rate limits keep abuse from reaching origin.

Private networking

Internal services communicate over private VPC links. No production traffic transits the public internet between hops.

Signed builds with provenance attestation

Build and deploy pipelines produce signed artefacts with provenance attestations traceable back to the source commit.

Continuous vulnerability scanning

Dependencies, containers, and infrastructure are scanned continuously. Critical findings are patched within 24 hours.

Vendor security reviews

Every subprocessor is reviewed before onboarding and re-reviewed annually. Findings drive contractual controls.

Operational practices

Process is the other half of security.

Strong controls only matter if humans operate them well. Our SDLC and on-call practices are built to keep us honest.

Least-privilege defaults

Engineers start with no production access. Elevated access is time-bound, reviewed, and logged.

Quarterly access reviews

Every access grant is re-justified quarterly. Stale or unused permissions are revoked automatically.

Mandatory code review

No code reaches production without review by a separate engineer. Security-sensitive paths require two reviewers.

Secret management

Secrets live in a Vault-style store with leasing and rotation. Secrets never enter source code or build logs.

Incident response runbook

Documented severities, paging matrix, and customer-notification timelines. Post-mortems are blameless and shared.

Annual tabletop exercises

We rehearse breach, ransomware, and key-compromise scenarios at least once per year, with leadership in the room.

Our stack

Subprocessors, by category.

We work with a small set of vetted vendors: cloud infrastructure, identity, email delivery, observability, and payment processing. Each one is bound by a written agreement with security and data-processing obligations.

Cloud infra
Identity
Email
Observability

Full subprocessor list - including legal entity, region, and purpose - available on request under NDA.

Request the subprocessor list
Responsible disclosure

Report a vulnerability.

We treat researcher reports as a gift. Send us a finding in good faith and we will respond, fix, and credit you.

First response
Within 48 hours
PGP fingerprint
4AF1 2C9B 7E03 51D4 8A6F 29BD 7C4A 0F12 9E58 B6D3 (placeholder)
Recognition
Hall of Fame credit on request after a fix ships.
Scope · in

In scope: codecourier.dev and subdomains, our SDKs, our published Docker images.

Scope · out

Out of scope: customer code running inside sandboxes, social engineering, denial of service.

Security FAQ

The questions every CISO asks.

Can I get a copy of your SOC 2 report?
Yes, under NDA. Email the security team and we will send the current bridge letter immediately and the full report once the Type II observation window completes.
Where is my data stored geographically?
EU (Frankfurt) by default. US (Virginia), UK (London), and customer-specified regions are available on enterprise plans. Residency is contractually documented in the DPA.
How are secrets handled inside sandboxes?
Secrets are injected as ephemeral environment variables scoped to a single run, never written to disk, and rotated per run. Sandboxes have no path to your CI/CD secret store.
Do you train models on customer code?
No. Customer code, prompts, and outputs are never used to train CodeCourier or third-party foundation models. This is contractually guaranteed in the DPA.
What happens to my data when I cancel?
Customer data is cryptographically erased within 30 days of termination. We issue a written deletion certificate on request. Backups age out under the same window.
Do you support BYOK (bring your own key)?
Yes, on enterprise plans. Bring keys from AWS KMS, GCP KMS, or Azure Key Vault. Revoking your key revokes our ability to read your data, immediately.
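
Envelope encryption under a customer-held key is what makes three claims on this page mechanically true at once: key rotation without re-encrypting data (Data protection, 01), cryptographic erasure on termination (04), and "revoking your key revokes our ability to read your data" (the BYOK answer above). The program below is an added illustration, not CodeCourier's code: the in-process KEK stands in for AWS KMS, GCP KMS or Azure Key Vault, and AES-256-GCM is assumed for the AES-256 mode the page does not specify.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// KEK stands in for a customer-held key in an external KMS: the platform can
// ask it to wrap and unwrap data keys but never sees the key bytes.
type KEK struct {
	key     []byte
	revoked bool
}

// Revoke models the customer disabling the key in their own KMS.
func (k *KEK) Revoke() { k.revoked = true }

// Wrap and Unwrap are the only operations the platform may request of the KEK;
// both fail closed once the key is revoked.
func (k *KEK) Wrap(dek []byte) ([]byte, error) { return k.use(sealAEAD, dek) }
func (k *KEK) Unwrap(w []byte) ([]byte, error) { return k.use(openAEAD, w) }
func (k *KEK) use(op func(key, in []byte) ([]byte, error), in []byte) ([]byte, error) {
	if k.revoked {
		return nil, errors.New("kms: key revoked")
	}
	return op(k.key, in)
}

// randBytes panics if the OS CSPRNG is unavailable; there is no safe fallback.
func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := io.ReadFull(rand.Reader, b); err != nil {
		panic(err)
	}
	return b
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealAEAD / openAEAD: AES-256-GCM with the random 12-byte nonce prepended.
func sealAEAD(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := randBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

func openAEAD(key, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

// Envelope is what the platform stores: ciphertext plus the wrapped per-object
// data key (DEK). The plaintext DEK is used once and dropped.
type Envelope struct {
	WrappedDEK []byte
	Ciphertext []byte
}

func Encrypt(kek *KEK, plaintext []byte) (*Envelope, error) {
	dek := randBytes(32)
	wrapped, err := kek.Wrap(dek)
	if err != nil {
		return nil, err
	}
	ct, err := sealAEAD(dek, plaintext)
	return &Envelope{WrappedDEK: wrapped, Ciphertext: ct}, err
}

func Decrypt(kek *KEK, e *Envelope) ([]byte, error) {
	dek, err := kek.Unwrap(e.WrappedDEK)
	if err != nil {
		return nil, err
	}
	return openAEAD(dek, e.Ciphertext)
}

func main() {
	kek := &KEK{key: randBytes(32)}
	env, _ := Encrypt(kek, []byte("constructed customer artefact"))
	_, before := Decrypt(kek, env)
	kek.Revoke() // customer pulls the key: ciphertext stays on disk, now unreadable
	_, after := Decrypt(kek, env)
	fmt.Println("before revoke:", before, "| after revoke:", after)
}
```

Rotating or re-keying the KEK only means unwrapping and rewrapping WrappedDEK; the bulk ciphertext is untouched, which is why a quarterly cadence is affordable. Erasure is destroying the KEK (or the wrapped DEKs) rather than overwriting storage, which is why backups can age out on their own schedule without being readable in the meantime. The one caveat a CISO should ask about: "immediately" holds for the unwrap path, but any plaintext DEK a service already holds in memory stays usable until that process drops it.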
Talk to the security team

Got a harder question? We answer those too.
