Trust Center

A security company should show its work.

These pages document how the Offload Platform handles your data — in enough depth for your security review, with the whitepapers to back it.

Source code is never stored

Repositories are cloned into ephemeral, scan-scoped workspaces and deleted on completion — success or failure. Only findings and small per-finding excerpts (±6 lines) are retained.

Credentials encrypted at rest

Git tokens, cloud credentials, cluster configs, and API keys are encrypted with authenticated encryption (Fernet: AES-128-CBC + HMAC), decrypted in memory only at the moment of use.

Strict tenant isolation

Every record is scoped to the owning team and enforced on every read and write path, backed by database-level indexes.

Retention and deletion

Configurable retention windows on scan data; per-scan hard deletes; a tenant-offboarding cascade that removes all customer data including stored credentials.

No AI training on your data

Optional AI features use your own model-provider API keys, send minimal context, and never train on your data. Customer-specific AI responses are never cached across tenants.

On-premises deployment

The entire platform can run inside your environment — findings, excerpts, evidence, and credentials never leave your network.

Documents

For your security review