Never trained on
Your repository metadata and scan results are never used to train AI models — by us or our service providers.
We treat your data like our own, follow industry-leading standards to protect it, and never use it in ways you wouldn't expect.
Our commitment to protecting your data
At GitScope, transparency is important to us. We want our customers to clearly understand our product and our security and privacy practices.
We never sell, rent, or share your personal data with third parties for marketing or advertising.
All data is encrypted at rest (AES-256) and in transit (HTTPS/TLS). Industry-standard protection everywhere.
Data protection at rest and in transit
All sensitive data stored on our servers — including scan results, findings, OAuth tokens, and account information — is encrypted at rest using AES-256, the same standard used by leading cloud providers and financial institutions.
All communication between your browser and our servers is protected by HTTPS with TLS 1.2 or higher. This applies to every request: authentication, dashboard activity, scan operations, and API calls. Unencrypted HTTP connections are automatically redirected to HTTPS.
What we never do with your data
Your repository metadata and scan results are never used to train, fine-tune, or otherwise improve any AI model — neither by us nor by any of our service providers.
You retain full ownership of your GitHub organization data. We act solely as a data processor on your behalf. Your repository settings and compliance data belong to you — always.
We never sell, rent, or share your personal data with third parties for marketing or advertising. Your data is never monetized or sold to data brokers or advertisers.
MFA, sessions, and account controls from your profile
Add an extra layer of security with two-factor authentication. Enable MFA from Profile → Two-Factor Authentication in your dashboard. Use an authenticator app — you'll receive recovery codes to regain access if you lose your device.
View your active sessions across browsers and devices from Profile → Browser Sessions. If you suspect your account has been compromised, you can log out of all other browser sessions at once — keeping only your current session active.
How we evaluate and manage third-party providers
Before working with any third-party subprocessor or vendor, GitScope carefully evaluates their privacy, security, and confidentiality practices.
Key subprocessors include infrastructure hosting providers, GitHub (for repository access), billing providers, and integration partners such as Slack and Linear. All subprocessors are reviewed periodically to ensure ongoing compliance with our security and privacy standards.
See our Subprocessors page for the full list. For privacy details, see our Privacy Policy.
Who can see and do what
Access control is fully manageable by you. Invite members, create and assign roles with granular permissions for repositories, policies, and integrations.
See the Roles & permissions section on our homepage for details.
Export, delete, and control your data
You can download a copy of your personal data at any time from your profile. Go to Profile → Export Your Data and click the export button. The download includes:
The export is a JSON file scoped to your account.
To support customers with data sovereignty requirements — particularly those subject to GDPR or other regional regulations — we are developing explicit data residency controls.
EU data centres, GDPR-compliant.
US data centres for US-based teams.