Security and Compliance
Security and Compliance at GitStart
At GitStart, security is our top priority. This document outlines our comprehensive approach to protecting your code, intellectual property, and business interests throughout our collaboration.
Our Security Commitment
We implement robust security measures at every stage of our engagement. Our “slicing” technology ensures GitStart developers see only the portions of your codebase you explicitly authorize. You maintain complete control over what is shared at all times.
SOC-2 Type II Compliant
We adhere to industry-standard controls and follow rigorous internal policies. Our SOC-2 Type II compliance demonstrates our commitment to security, availability, and confidentiality.
Legal Protections
Terms of Service
When you sign up for GitStart, you agree to our comprehensive terms of service covering:
- Non-disclosure agreements (NDAs)
- Protection of your intellectual property (copyrights, patents, trade secrets)
- Service and payment terms
- Other operational aspects
Our complete terms of service are available at https://gitstart.com/terms.
Important: Please review our terms carefully, as they constitute the legally binding agreement governing our collaboration.
Due Diligence Support
We provide comprehensive documentation to support your security due diligence process:
- SOC-2 compliance reports
- Results of recent penetration tests
- Data and Information Security policies
Most of these documents are available at trust.gitstart.com.
Security Throughout Your GitStart Journey
Secure Onboarding
During onboarding, we establish secure connections to your systems while implementing proper access controls. For detailed setup instructions, see our Getting Started Guide.
Repository Security
Our GitSlice technology creates isolated, controlled copies of only the portions of your codebase you explicitly authorize. For implementation details, refer to our Repository Configuration Guide.
Ticketing System Security
When connecting to your ticketing system, we request only the minimum necessary permissions required for collaboration. For specifics on permissions and integration security, see our Ticketing System Integration Guide.
Communication Security
Our communication channels are secured with enterprise-grade encryption and access controls. For details on setting up secure communication, see our Communication and Team Collaboration Guide.
Core Security Architecture
GitSlice Technology Overview
GitSlice is our proprietary technology that:
- Creates a separate, controlled copy of your repository
- Allows you to specify exactly which portions of your codebase to share
- Enables you to maintain full control over what you share with us
GitStart developers work on a completely separate repository (the “sliced repository”), never directly accessing your original codebase.
Access Management Principles
We implement strict controls on all access to your data:
- Developers are organized into dedicated teams
- Teams are assigned to specific client agents/instances
- Only developers within your assigned team can access your repositories and code
- Access is limited to only what is needed for assigned work
For more information about our developer community, see GitStart Developer Community.
Developer Security Protocols
All GitStart developers undergo:
- Thorough background checks
- Security training
- Contractual obligations including NDAs
- Regular security compliance reviews
Developer devices use full disk encryption to protect local copies of code, and we enforce strict security policies on all development environments.
Data Privacy and AI Usage
GitStart uses Large Language Models (LLMs) to enhance ticket creation and code generation while maintaining strict data privacy:
- We exclusively use Microsoft Azure’s secure infrastructure
- Your code and intellectual property are NEVER used to train publicly available models
- We create vector embeddings of your code and tickets solely to enable semantic search
- All AI interactions by our developers are routed through our secure APIs
- Embeddings are strictly filtered by client, agent/instance, and repository to prevent unauthorized access
- We maintain strict controls to prevent data leakage
Code Ownership and Control
Code Ownership
You own all code that GitStart developers write for you. While GitStart will appear as the code author in git history (due to the technical constraints of git), the intellectual property belongs entirely to you according to our terms of service.
Developers are fairly compensated for their work while you retain full ownership rights.
Your Control Points
You maintain control throughout the entire process:
- Ticket Assignment Control: You decide which tickets to assign to GitStart. We only access information directly related to assigned tickets.
- Cost Approval: You must approve the cost of each PR before it can be merged. You can negotiate costs until you’re satisfied.
- Repository Access Control: You define and can modify which portions of your repository we can access.
- Quality Control: You can request changes if you’re not satisfied with the work. We’ll collaborate with you to find a suitable solution.
Security Best Practices
To maximize the security of your engagement with GitStart, we recommend:
- Selective Repository Sharing
  - Share only the specific repositories and folders required for development
  - Use the ignore patterns to exclude sensitive files
  - Review the Repository Configuration Guide for detailed instructions
- Environment Variable Management
  - Never share production credentials
  - Create development-specific environment variables when possible
  - Separate build secrets from development variables
- Regular Access Reviews
  - Periodically review which repositories and folders are shared
  - Confirm that integrations have the minimum necessary permissions
  - Remove access when no longer needed
- Security Communication
  - Immediately report any security concerns
  - Use secure channels for sharing sensitive information
  - Follow your internal security protocols when working with external vendors
For additional security questions or assistance with configuration, please contact our security team.