A security company should show its work.
These pages document how the Offload Platform handles your data — in enough depth for your security review, with the whitepapers to back it.
Source code is never stored
Repositories are cloned into ephemeral, scan-scoped workspaces and deleted on completion — success or failure. Only findings and small per-finding excerpts (±6 lines) are retained.
Credentials encrypted at rest
Git tokens, cloud credentials, cluster configs, and API keys are encrypted with authenticated encryption (Fernet: AES-128-CBC + HMAC), decrypted in memory only at the moment of use.
Strict tenant isolation
Every record is scoped to the owning team and enforced on every read and write path, backed by database-level indexes.
Retention and deletion
Configurable retention windows on scan data; per-scan hard deletes; a tenant-offboarding cascade that removes all customer data including stored credentials.
No AI training on your data
Optional AI features use your own model-provider API keys, send minimal context, and never train on your data. Customer-specific AI responses are never cached across tenants.
On-premises deployment
The entire platform can run inside your environment — findings, excerpts, evidence, and credentials never leave your network.
For your security review
- Source Code Protection whitepaper — the full data-handling architecture
- Module whitepapers — capabilities and data handling per module
- Responsible disclosure policy
- Privacy policy and terms of service
- Data-processing agreement and subprocessor list — available on request: security@offloadsecurity.com
- Compliance roadmap and certification status — available under NDA