CodeElevate is built around a least-privilege access model. We operate read-only, handle repository access carefully, and are transparent about what we do and do not do with your code and data.
CodeElevate is designed to operate with read-only access only. The service requests the minimum read permissions necessary to perform structural analysis. Write, push, and administrative operations are outside the service's intended scope.
Permissions are scoped to what analysis requires. We do not request access beyond the scope of the analysis you have authorized. You can review and revoke authorization at any time through your source control provider's settings.
CodeElevate does not apply patches, changes, or fixes to your code — automatically or otherwise. Every finding is surfaced for your team's review. Remediation decisions belong entirely to the engineers responsible for the code.
Structural analysis produces findings and metadata about your codebase's organization. We do not retain source files beyond what is necessary to complete analysis. Findings and run metadata are retained per your account and plan settings.
You authorize and can revoke repository access through your source control provider. Revoking access through GitHub, GitLab, or Bitbucket removes CodeElevate's ability to access those repositories. We do not retain access beyond what you have actively authorized.
When integrated into a CI pipeline, CodeElevate is designed to run as a read-only observer. It is not intended to alter build artifacts, affect runtime behaviour, or introduce side effects into your deployment process.
Security is a shared responsibility between CodeElevate and our customers.
CodeElevate is responsible for
You are responsible for
CodeElevate runs on cloud infrastructure and follows security practices appropriate to a platform handling sensitive engineering data — including access controls, encryption in transit, and restricted internal access to customer data.
No system can be guaranteed to be fully secure, and we do not make that claim. We work to reduce risk through careful design and operational practices, but we cannot guarantee the prevention of every security incident. In the event of a security issue affecting customer data, we will notify affected customers in accordance with applicable law.
We do not publish specific certifications or audit results on this page. If your organization requires formal security documentation as part of procurement or vendor review, contact sales@codeelevate.dev.
If you believe you have identified a security vulnerability in CodeElevate, please contact us at contact@codeelevate.dev with a description of the issue and the steps to reproduce it. We ask that you allow us reasonable time to investigate and respond before any public disclosure. We will acknowledge your report promptly and work to address confirmed issues as a priority.
For security-related questions about the platform, data handling, or enterprise procurement requirements, contact contact@codeelevate.dev. For product support, use support@codeelevate.dev.
This page provides a summary of CodeElevate's security approach and is intended to help teams understand how the service operates. It does not constitute a legally binding warranty, guarantee of security outcomes, or guarantee of service availability. Security practices may evolve as the platform develops. For contractual security commitments, refer to your service agreement or contact us directly.