Security

Your code is safe with us

VizRepo is built with security-first principles. Your source code is never stored — only structural metadata is retained after scanning.

Code Never Stored | AES-256-GCM Encryption | EU Hosted (Frankfurt) | GDPR Compliant

Core security principles

Source Code Never Stored

Your code is fetched temporarily during a scan and deleted immediately after. Only structural metadata — endpoint paths, service call signatures, and diagram markup — is retained. Raw source code never hits disk.

AES-256-GCM Encryption

All access tokens and sensitive credentials are encrypted at rest using AES-256-GCM. Tokens are never logged, are never exposed in error messages, and can be rotated at any time from your dashboard.

EU Data Hosting

All data is hosted in the EU (Frankfurt, Germany) on encrypted infrastructure. Data never leaves the EU region. This ensures compliance with EU data residency requirements.

GDPR Compliance

VizRepo is fully GDPR-compliant. We process only the minimum data necessary, respect data deletion requests, and offer a custom Data Processing Agreement (DPA) on the Enterprise plan.

What happens during a scan

A complete overview of how VizRepo handles your code from start to finish — and why your source code is never at risk.

  1. Connect your repository
     You provide your repo URL and an access token. Tokens are encrypted immediately with AES-256-GCM.
  2. Temporary encrypted workspace
     VizRepo clones the repo into a temporary, encrypted workspace isolated from other tenants.
  3. Static analysis
     The scanner extracts endpoints, service calls, and database schemas using deterministic static analysis.
  4. AI documentation generation
     AI generates documentation, diagrams, and user journeys from the extracted metadata — not from raw source code.
  5. Source code permanently deleted
     The temporary workspace and all source code are permanently deleted. No copies are retained anywhere.
  6. Only metadata stored
     Only structural metadata and generated documentation are stored — endpoint paths, diagrams, and docs you can browse.

Additional security details

Authentication

Firebase Authentication with OAuth (Google, GitHub) and email/password. All sessions are token-based with automatic expiry.

Infrastructure

Hosted on encrypted cloud infrastructure with automated backups, network isolation, and DDoS protection.

Access Control

Enterprise plan includes member roles (Viewer, Editor, Admin) for fine-grained access control over projects and scans.

Custom DPA

Available on the Enterprise plan. Contact info@vizrepo.com to request one.

SSO

Coming soon on the Enterprise plan. Single sign-on for seamless team access management.

Have security questions?

Contact us at info@vizrepo.com