Security model

The promise we make

Releap is read-only by default. We never write to your code, your branches, or your files through normal Releap operation.

Two optional features require additional GitHub permissions when explicitly enabled by a workspace administrator:

  • pull_requests: write — Post code context comments on pull requests. Available on Business and Enterprise via GitHub PR Comments. Only requested when enabled in Settings → Integrations → GitHub PR Comments. Not part of the standard installation.
  • contents: write — Create branches, commit to user-designated non-default branches, and open draft pull requests from Releap-generated tickets. Available on all paid plans for ticket-to-draft-PR workflows. Releap never targets the repository default branch, never merges pull requests, and never modifies repository settings. Only requested when an admin enables the branch-writing workflow in Settings → Integrations. Not part of the standard installation.

All Releap workspaces use these read-only scopes: contents: read, metadata: read, pull_requests: read.

How that promise is enforced

Seven controls, each independent of the others.

Read-only by default; opt-in write scopes

The default Releap GitHub App requests contents: read, metadata: read, and pull_requests: read. Installation tokens are short-lived (1 hour) and cannot create commits, branches, status checks, or issues. Two opt-in write scopes are requested only when an admin explicitly enables the corresponding feature: pull_requests: write for GitHub PR Comments (Business and Enterprise), and contents: write for ticket-to-draft-PR workflows — limited to auto-generated Releap branches or user-designated non-default branches. Workspaces that don't enable either feature stay read-only.

Default-deny on repos

A repo is invisible to Releap until a workspace admin explicitly grants visibility. The same default-deny applies to Confluence spaces, Jira projects, and Aha! products. Every retrieval query joins through the visibility table — turning a repo off makes it structurally invisible to retrieval.

Per-tenant isolation

Every chunk, query, ticket, and audit row is scoped by workspace_id. The pgvector index applies the same filter — queries cannot retrieve across tenants even if the application layer is bypassed.
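The two controls above (default-deny repo visibility and per-tenant scoping) both live inside the retrieval query itself. The following is an added illustration of that pattern and is not Releap's code: the table and column names, the sqlite3 backend, and the in-process cosine score (standing in for pgvector's distance operator) are assumptions, and the rows are constructed sample data.

```python
"""Retrieval path that is default-deny on repos and scoped to one tenant.

Added example, not Releap's code: table and column names, the sqlite3
backend and the in-process cosine score (a stand-in for pgvector's
distance operator) are all assumptions. The tenant filter and the
visibility join are both inside the SQL, so nothing above the database
can widen them.
"""
import json
import math
import sqlite3

SCHEMA = """
CREATE TABLE repo_visibility (
    workspace_id TEXT NOT NULL,
    repo         TEXT NOT NULL,
    enabled      INTEGER NOT NULL,
    PRIMARY KEY (workspace_id, repo)
);
CREATE TABLE chunks (
    id           INTEGER PRIMARY KEY,
    workspace_id TEXT NOT NULL,
    repo         TEXT NOT NULL,
    path         TEXT NOT NULL,
    text         TEXT NOT NULL,
    embedding    TEXT NOT NULL   -- JSON list of floats (pgvector stand-in)
);
"""

# Default-deny: the INNER JOIN means a repo with no visibility row, or with
# enabled = 0, contributes no candidate rows at all. The workspace_id
# predicate sits in the same statement and is never left to the caller.
RETRIEVAL_SQL = """
SELECT c.path, c.text, c.embedding
FROM chunks AS c
JOIN repo_visibility AS v
  ON  v.workspace_id = c.workspace_id
  AND v.repo         = c.repo
  AND v.enabled      = 1
WHERE c.workspace_id = ?
"""


def cosine(a, b):
    """Cosine similarity of two equal-length float lists."""
    dot = sum(x * y for x, y in zip(a, b))
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(y * y for y in b))
    return dot / (na * nb) if na and nb else 0.0


def build_sample_db():
    """Constructed sample data: two tenants; ws_a has one repo an admin
    turned off and one repo that was never granted visibility."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO repo_visibility VALUES (?, ?, ?)", [
        ("ws_a", "acme/api",     1),
        ("ws_a", "acme/billing", 0),   # admin turned this repo off
        ("ws_b", "globex/core",  1),
    ])
    conn.executemany(
        "INSERT INTO chunks (workspace_id, repo, path, text, embedding) "
        "VALUES (?, ?, ?, ?, ?)",
        [
            ("ws_a", "acme/api",     "auth.py",   "def verify_token(tok):", json.dumps([1.0, 0.1, 0.0])),
            ("ws_a", "acme/billing", "charge.py", "def charge_card(card):", json.dumps([0.9, 0.2, 0.0])),
            ("ws_a", "acme/secrets", "keys.py",   "SIGNING_KEY = load()",   json.dumps([1.0, 0.0, 0.0])),
            ("ws_b", "globex/core",  "auth.py",   "def verify_token(tok):", json.dumps([1.0, 0.1, 0.0])),
        ],
    )
    conn.commit()
    return conn


def retrieve(conn, workspace_id, query_embedding, k=5):
    """Return up to k (path, score) pairs the given workspace may see."""
    rows = conn.execute(RETRIEVAL_SQL, (workspace_id,)).fetchall()
    scored = [(path, cosine(json.loads(emb), query_embedding)) for path, _, emb in rows]
    scored.sort(key=lambda r: r[1], reverse=True)
    return scored[:k]


if __name__ == "__main__":
    db = build_sample_db()
    q = [1.0, 0.1, 0.0]
    for ws in ("ws_a", "ws_b", "ws_c"):
        print(ws, retrieve(db, ws, q))
```

Running it shows that ws_a only ever sees chunks from acme/api even though the disabled and never-granted repos hold vectors at least as close to the query, and that an unknown workspace id yields nothing rather than a cross-tenant hit.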

Bring your own LLM

On Growth and Enterprise plans, route prompts and embeddings through your own OpenAI-compatible endpoint. On Enterprise, additionally configure full data residency so your code never leaves your network at any stage. Customer code stays inside customer infrastructure under a customer-owned DPA. Provider routing decisions are recorded in the audit log.

Encrypted credentials and content at rest

GitHub installation tokens, BYO LLM API keys, BYO embedder API keys, Atlassian OAuth tokens, and all integration credentials are AES-256-GCM encrypted at rest with keys sourced from a managed secret store. Credentials are never logged, never echoed in error messages, never returned to the browser.

All indexed code content, query history, knowledge base articles, and ticket and release-note bodies are additionally encrypted at the application layer using AES-256-GCM. Each workspace has a unique data encryption key (DEK) wrapped by a GCP Cloud KMS-managed key. The unwrapped DEK is held in process for a maximum of five minutes and never written to disk in plaintext.

Customer-managed encryption keys (Enterprise)

Enterprise customers can supply their own GCP Cloud KMS key to wrap the workspace data encryption key. Key custody sits with the customer: the DEK can only be unwrapped via a KMS call authenticated by the customer's service account grant. Revoking that grant or disabling the key immediately prevents any further decryption of workspace content. Configured in Settings → Security → Encryption.
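The envelope-encryption model in the two sections above (a per-workspace DEK wrapped by a KMS key, the unwrapped DEK cached in process for at most five minutes, and customer key custody that can cut off decryption) can be exercised end to end in a few dozen lines. This is an added example and not Releap's implementation: it assumes the `cryptography` package, replaces GCP Cloud KMS with an in-memory stand-in that only exposes wrap/unwrap and can be disabled, and all class and function names are assumptions.

```python
"""Envelope encryption of workspace content under a customer-controlled KEK.

Added example, not Releap's code. Assumes the `cryptography` package.
FakeKms stands in for GCP Cloud KMS: the KEK never leaves it, and the
customer can disable it. WorkspaceCrypto holds a DEK only in wrapped
form and caches the unwrapped copy for a bounded time.
"""
import os
import time
from typing import Callable, Optional

from cryptography.hazmat.primitives.ciphers.aead import AESGCM

DEK_CACHE_TTL = 300.0   # seconds; the page states five minutes at most


class KeyDisabledError(PermissionError):
    """The customer disabled or revoked access to the wrapping key."""


class FakeKms:
    """Stand-in for Cloud KMS (assumption): wrap/unwrap only, KEK never exported."""

    def __init__(self) -> None:
        self._kek = AESGCM.generate_key(bit_length=256)
        self.enabled = True

    def wrap(self, dek: bytes) -> bytes:
        nonce = os.urandom(12)
        return nonce + AESGCM(self._kek).encrypt(nonce, dek, b"dek")

    def unwrap(self, wrapped: bytes) -> bytes:
        if not self.enabled:
            raise KeyDisabledError("KMS key disabled; unwrap refused")
        return AESGCM(self._kek).decrypt(wrapped[:12], wrapped[12:], b"dek")


class ManualClock:
    """Injectable clock so the cache TTL can be tested without sleeping."""

    def __init__(self) -> None:
        self.t = 0.0

    def __call__(self) -> float:
        return self.t


class WorkspaceCrypto:
    """Per-workspace DEK: persisted only wrapped, unwrapped copy cached briefly."""

    def __init__(self, workspace_id: str, kms: FakeKms,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.workspace_id = workspace_id
        self.kms = kms
        self.clock = clock
        dek = AESGCM.generate_key(bit_length=256)
        self.wrapped_dek = kms.wrap(dek)        # this is what the database stores
        self._cache: Optional[tuple] = None     # (dek, expires_at)
        del dek

    def _dek(self) -> bytes:
        if self._cache and self.clock() < self._cache[1]:
            return self._cache[0]
        dek = self.kms.unwrap(self.wrapped_dek)  # authenticated KMS call
        self._cache = (dek, self.clock() + DEK_CACHE_TTL)
        return dek

    def encrypt(self, plaintext: bytes) -> bytes:
        nonce = os.urandom(12)
        aad = self.workspace_id.encode()         # binds ciphertext to its tenant
        return nonce + AESGCM(self._dek()).encrypt(nonce, plaintext, aad)

    def decrypt(self, blob: bytes) -> bytes:
        aad = self.workspace_id.encode()
        return AESGCM(self._dek()).decrypt(blob[:12], blob[12:], aad)


if __name__ == "__main__":
    kms, clk = FakeKms(), ManualClock()
    ws = WorkspaceCrypto("ws_a", kms, clock=clk)
    blob = ws.encrypt(b"def verify_token(tok): ...")
    print(ws.decrypt(blob))
    kms.enabled = False
    clk.t = DEK_CACHE_TTL + 1
    try:
        ws.decrypt(blob)
    except KeyDisabledError as e:
        print("decrypt refused:", e)
```

Two points worth checking when reviewing a design like this: the workspace id is passed as AES-GCM associated data, so a ciphertext copied between tenants fails authentication rather than decrypting; and a disabled key stops every new unwrap immediately, while a DEK already in the process cache remains usable until its TTL expires, which is why the page's five-minute bound matters.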

Audit log

Every privileged action — repo visibility change, BYO config change, MFA reset, API-key creation, integration connect — writes a structured audit row. Releap query and ticket events log structural metadata only, never plaintext content. Full audit trail is available on Growth and Enterprise plans. Pro and Business plans log authentication events and privileged workspace actions only.

Authentication and access

Identity surface available out of the box.

  • Magic link — passwordless email sign-in for all plans.
  • Google OAuth 2.0 — enforces 2FA on the Google account itself.
  • TOTP (2FA) — self-service enrollment, single-use recovery codes hashed at rest, admin-reset for locked-out users.
  • SAML / OIDC SSO — Business and above.
  • API keys — workspace-scoped, SHA-256-hashed, with audit-logged creation and revocation. Used for MCP server access and programmatic clients.
  • VS Code extension — OAuth 2.1 with PKCE flow. The extension opens the browser, completes authentication, and stores tokens in VS Code SecretStorage (backed by the OS keychain). No tokens are written to disk in plaintext.
  • OAuth 2.1 + PKCE — for MCP clients (Claude Code, Cursor, custom agents) so users can grant tokens without pasting long-lived secrets.
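Two of the items above rest on the same idea: the long-lived secret is never stored or transmitted, only a hash of it. The block below is an added example, not Releap's code, showing SHA-256-hashed, workspace-scoped API keys with audit-logged issue and revoke, and the S256 PKCE exchange an MCP client and the authorization server perform. The key prefix, the record layout and the function names are assumptions; the PKCE computation follows RFC 7636.

```python
"""Hashed API keys and PKCE (S256), as added illustration, not Releap's code.

Assumptions: the "rlp_" key prefix, the in-memory `store` and `audit`
containers, and all function names. Only SHA-256 digests are ever kept.
"""
import base64
import hashlib
import hmac
import secrets


def _sha256_hex(value: str) -> str:
    return hashlib.sha256(value.encode("ascii")).hexdigest()


def issue_api_key(workspace_id: str, store: dict, audit: list) -> str:
    """Mint a key, persist only its digest, return the plaintext to show once."""
    plaintext = "rlp_" + secrets.token_urlsafe(32)      # 256 bits of entropy
    digest = _sha256_hex(plaintext)
    store[digest] = {"workspace_id": workspace_id, "revoked": False}
    audit.append({"event": "api_key.create", "workspace_id": workspace_id,
                  "key_digest_prefix": digest[:8]})    # metadata only, no secret
    return plaintext


def revoke_api_key(presented: str, store: dict, audit: list) -> None:
    rec = store.get(_sha256_hex(presented))
    if rec is not None:
        rec["revoked"] = True
        audit.append({"event": "api_key.revoke",
                      "workspace_id": rec["workspace_id"]})


def verify_api_key(presented: str, workspace_id: str, store: dict) -> bool:
    """True only for a live key that belongs to the named workspace."""
    # Lookup by digest of a 256-bit random secret; a caller cannot guess
    # the preimage, so the dict lookup leaks nothing useful.
    rec = store.get(_sha256_hex(presented))
    if rec is None or rec["revoked"]:
        return False
    return hmac.compare_digest(rec["workspace_id"], workspace_id)


# ---- PKCE, S256 method (RFC 7636) --------------------------------------

def pkce_verifier() -> str:
    """Client side: high-entropy verifier, 86 chars (RFC allows 43..128)."""
    return secrets.token_urlsafe(64)


def pkce_challenge(verifier: str) -> str:
    """Client side: BASE64URL(SHA256(verifier)) without '=' padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def pkce_token_endpoint_check(stored_challenge: str, presented_verifier: str) -> bool:
    """Server side: recompute S256 from the verifier the client sends with
    its token request and compare to the challenge saved at /authorize."""
    return hmac.compare_digest(pkce_challenge(presented_verifier), stored_challenge)


if __name__ == "__main__":
    store, audit = {}, []
    key = issue_api_key("ws_a", store, audit)
    print(verify_api_key(key, "ws_a", store), verify_api_key(key, "ws_b", store))
    v = pkce_verifier()
    c = pkce_challenge(v)
    print(pkce_token_endpoint_check(c, v), pkce_token_endpoint_check(c, v + "x"))
```

The PKCE half is what lets an MCP client obtain a token without any pasted secret: only the challenge crosses the browser redirect, and an intercepted authorization code is useless without the verifier that never left the client.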

Security Audit Mode

Growth and Enterprise customers can provision time-bounded Security Audit Mode grants for authorized security assessors. In audit mode, designated users can query their workspace for security-sensitive content that is normally suppressed — enabling penetration testing and vulnerability assessments grounded in your actual codebase. Every query made in audit mode is logged with full retention. Grants are scoped to specific repositories, expire automatically (maximum 30 days), and are provisioned by a workspace administrator. Access cannot be self-escalated.

FAQ

Common security questions

What GitHub permissions does Releap request?

Every Releap workspace uses three read-only scopes: contents: read, metadata: read, and pull_requests: read. These are requested for every installation and are sufficient for indexing, retrieval, and every read-only feature.

Two opt-in write scopes are only requested when a workspace administrator explicitly enables the corresponding feature: pull_requests: write for GitHub PR Comments (Business and Enterprise), and contents: write for ticket-to-draft-PR workflows — limited to auto-generated Releap branches or user-designated non-default branches. Neither write scope is part of the standard installation. See the GitHub permissions detail at the top of this page for the complete permissions model.

Can Releap write to our code or branches?

Not through normal Releap operation. By default we never write to your code, your branches, or your files. Two opt-in write scopes are requested only when an admin explicitly enables the corresponding feature: pull_requests: write for GitHub PR Comments (Business and Enterprise), which posts comments on GitHub's Pull Requests collaboration surface — never the underlying code; and contents: write for ticket-to-draft-PR workflows, which are limited to auto-generated Releap branches or user-designated non-default branches. Releap never targets the repository default branch, never merges pull requests, and never modifies repository settings. Workspaces that don't enable either feature remain fully read-only.

Do you store our source code?

Releap stores vector embeddings (mathematical representations of code chunks) and the original text of indexed chunks in our database for retrieval purposes. We do not store your full repository. Chunks are deleted when you remove a repo from your workspace or delete your workspace. We do not use your code to train any model.

Who at Releap can access our code?

Access to customer data requires explicit authorization and is logged in our audit system. Releap staff do not access customer workspace data in the normal course of operations. Support access requires a documented reason and is logged.

Where does our code go when we ask a question?

On Pro and Business plans, query context (relevant code chunks) is sent to Anthropic or OpenAI for answer generation. We use zero-data-retention API agreements with these providers where available. On Growth and Enterprise plans with BYO LLM, query context goes to your own endpoint — it never leaves your network.

Do you send our embeddings to a third party?

On Pro and Business plans, text chunks are sent to OpenAI's embedding API for indexing. On Growth and Enterprise plans with BYO embedder, embeddings are generated by your own endpoint — your code never leaves your network at any stage of the pipeline.

What encryption do you use?

All data is encrypted in transit via TLS. Integration credentials (GitHub tokens, OAuth tokens, API keys) are encrypted at rest using AES-256-GCM with keys managed in a secure secrets store. Your source code chunks and query history are encrypted at rest at the infrastructure level via Google Cloud SQL's managed encryption, and additionally at the application layer with a per-workspace AES-256-GCM data encryption key, as described under "Encrypted credentials and content at rest" above.

Are you SOC 2 certified?

SOC 2 Type II certification is in progress. In the meantime, we've documented our security posture in depth — covering our GitHub App permission model, encryption approach, audit log surface, multi-tenant isolation controls, and known gaps with remediation timelines. Enterprise customers can request this documentation package ahead of any procurement conversation.

For Enterprise plan customers, we're happy to work through your organization's security evaluation process directly. Contact us at security@releap.app or through the Enterprise inquiry form and we'll set up a conversation with the right level of detail for your team's needs.

Do you have a DPA available?

Yes, on Enterprise plans. Contact us to request our standard Data Processing Agreement. Custom DPA negotiation is available; allow 2–4 weeks for legal review on both sides.

What is your subprocessor list?

Releap uses the following subprocessors: Google Cloud Platform (infrastructure — Cloud Run, Cloud SQL, Secret Manager), Anthropic (LLM completions on Pro/Business), OpenAI (embeddings and optional completions on Pro/Business), Stripe (payment processing), Postmark (transactional email), GitHub (source code access), Atlassian (Confluence and Jira integration), Aha! (Aha! integration), Linear (ticket export), VS Code Marketplace (extension distribution), and Slack (Slack bot integration). Growth and Enterprise customers with BYO LLM and BYO embedder replace Anthropic and OpenAI with their own providers.

Do you support SSO?

SAML/OIDC SSO is available on Business, Growth, and Enterprise plans and integrates with Okta, Azure AD, Google Workspace, and any standard SAML 2.0 or OIDC-compliant identity provider. Pro plans support magic link (passwordless), Google OAuth, and TOTP (authenticator app) authentication.

What authentication methods are available?

All plans: magic link (passwordless email), Google OAuth 2.0, and TOTP (authenticator app with single-use recovery codes). Business, Growth, and Enterprise: SAML/OIDC SSO. Programmatic access: workspace-scoped API keys (SHA-256 hashed, never stored in plaintext) and OAuth 2.1 with PKCE for MCP clients.

How is multi-tenancy enforced?

Every piece of data in Releap — every chunk, query, ticket, and audit row — is scoped by workspace ID at the database level. The vector retrieval index applies the same workspace filter on every query. It is not possible to retrieve data across workspace boundaries even if the application layer were bypassed. Repo visibility is enforced via a default-deny join table — turning off a repo makes it structurally invisible to retrieval, not just hidden in the UI.

What happens if there is a security incident?

We maintain an incident response process and will notify affected customers within 72 hours of confirming a breach that affects their data. Enterprise customers receive direct notification via their dedicated account manager. Our security contact is security@releap.app.

Can we get a copy of your security documentation?

Yes. Enterprise prospects can request our security posture package — GitHub App permissions manifest, encryption model documentation, audit log surface description, subprocessor list, and current gap inventory with remediation timeline. Contact us via the Enterprise inquiry form or email security@releap.app.

Have a security review to run?

We will hand over the GitHub App permissions list, the encryption model, and the audit-log surface in advance of any procurement conversation.

Talk to us

Responsible disclosure: found a security issue? Email security@releap.app. We acknowledge within 24 hours and provide a remediation timeline.