Security

Your code is safe

VizRepo is built with security-first principles. Your source code is never stored - only structural metadata is retained after scanning.

Code Never Stored | AES-256-GCM Encryption | EU Hosted (Frankfurt) | EU-hosted · GDPR-ready

Core security principles

Source Code Never Stored

Your code is fetched temporarily during a scan and deleted immediately after. Only structural metadata - endpoint paths, service call signatures, and diagram markup - is retained. Raw source code never hits disk.

AES-256-GCM Encryption

All access tokens and sensitive credentials are encrypted at rest using AES-256-GCM. Tokens are never logged, never exposed in error messages, and can be rotated at any time from your dashboard.

EU Data Hosting

All data is hosted in the EU (Frankfurt, Germany) on encrypted infrastructure. Data never leaves the EU region. This ensures compliance with EU data residency requirements.

Built for GDPR

Built with GDPR principles: data minimisation, EU-only hosting, and the right to erasure - deleting your account removes all associated data. A custom Data Processing Agreement (DPA) is available on the Enterprise plan.

What happens during a scan

A complete overview of how VizRepo handles your code from start to finish - and why your source code is never at risk.

  1. Connect your repository
    You provide your repo URL and an access token. Tokens are encrypted immediately with AES-256-GCM.
  2. Temporary encrypted workspace
    VizRepo clones the repo into an isolated temporary workspace scoped to your scan.
  3. Static analysis
    The scanner extracts endpoints, service calls, and database schemas using deterministic static analysis.
  4. AI documentation generation
    AI generates documentation, diagrams, and user journeys from the extracted metadata - not from raw source code.
  5. Source code permanently deleted
    The temporary workspace and all source code are permanently deleted. No copies are retained anywhere.
  6. Only metadata stored
    Only structural metadata and generated documentation are stored - endpoint paths, diagrams, and docs you can browse.

Additional security details

Authentication

Firebase Authentication with OAuth (Google, GitHub) and email/password. All sessions are token-based with automatic expiry.

Infrastructure

Hosted on encrypted cloud infrastructure with automated backups, network isolation, and DDoS protection.

Access Control

The Enterprise plan includes member roles (Viewer, Editor, Admin) for fine-grained access control over projects and scans.

Custom DPA

Available on the Enterprise plan. Contact info@vizrepo.com to request one.

Security questions or responsible disclosure?

Reach our security team directly at info@vizrepo.com. We respond within one business day.