Security at bugstack
Your code stays yours. Every fix runs through your CI before anything ships.
What we access
bugstack fetches only the files related to the error: the erroring file from the stack trace, its imports (up to two levels deep), type definitions, and corresponding test files. We never clone your full repository.
Auto-merge guardrails
- Max 3 files changed per fix
- Max 30 lines changed per fix
- No new dependencies
- Syntax + scope validated
- CI gates every fix
- Confidence thresholds per project
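The first three guardrails are mechanical limits on the size and shape of a proposed fix, so they can be enforced by inspecting the diff before a merge is even attempted. The following is an added example of such a gate, not bugstack's own code: it parses a unified diff, counts touched files and changed lines against the stated limits, and flags added dependency entries in a manifest. The manifest file names, the dependency-line patterns and the constructed sample diffs are assumptions made for this illustration.

```javascript
// Added example (not bugstack's code): a gate that checks a unified diff
// against the guardrails listed above. The manifest file names and the
// dependency-line patterns are assumptions for this illustration.
const LIMITS = { maxFiles: 3, maxLines: 30 };
const MANIFESTS = ['package.json', 'requirements.txt'];

// Split a unified diff into per-file records of added and removed lines.
function parseDiff(diff) {
  const files = [];
  let current = null;
  let inHunk = false;
  for (const line of diff.split('\n')) {
    if (line.startsWith('diff --git ')) {
      const m = line.match(/ b\/(\S+)$/); // "diff --git a/path b/path"
      current = { path: m ? m[1] : line, added: [], removed: [] };
      files.push(current);
      inHunk = false;
    } else if (line.startsWith('@@')) {
      inHunk = true;
    } else if (!current || !inHunk) {
      // file headers (index, ---, +++) precede the first @@ and are not changes
    } else if (line.startsWith('+')) {
      current.added.push(line.slice(1));
    } else if (line.startsWith('-')) {
      current.removed.push(line.slice(1));
    }
  }
  return files;
}

// Keys that appear in added manifest lines but not in removed ones.
// Deliberately conservative: a version bump (same key removed and added)
// passes, any genuinely new entry is reported.
function newDependencies(file) {
  const base = file.path.split('/').pop();
  if (!MANIFESTS.includes(base)) return [];
  const keyOf = (l) => {
    const pj = l.match(/^\s*"([^"]+)"\s*:\s*"[^"]*"\s*,?\s*$/); // "name": "range"
    if (pj) return pj[1];
    const req = l.match(/^\s*([A-Za-z0-9_.-]+)\s*[=<>~!]/);     // name==version
    return req ? req[1] : null;
  };
  const before = new Set(file.removed.map(keyOf).filter(Boolean));
  return file.added.map(keyOf).filter((k) => k && !before.has(k));
}

function gateFix(diff, limits = LIMITS) {
  const files = parseDiff(diff);
  const reasons = [];
  const lines = files.reduce((n, f) => n + f.added.length + f.removed.length, 0);
  if (files.length > limits.maxFiles) reasons.push(`touches ${files.length} files (max ${limits.maxFiles})`);
  if (lines > limits.maxLines) reasons.push(`changes ${lines} lines (max ${limits.maxLines})`);
  for (const f of files) {
    for (const dep of newDependencies(f)) reasons.push(`adds dependency ${dep} in ${f.path}`);
  }
  return { ok: reasons.length === 0, files: files.length, lines, reasons };
}

// Constructed sample diffs: a small code fix, and one that adds a package.
const SAMPLE_DIFF = [
  'diff --git a/src/user.js b/src/user.js',
  '--- a/src/user.js',
  '+++ b/src/user.js',
  '@@ -10,3 +10,4 @@',
  ' function load(id) {',
  '-  return db.find(id).name;',
  '+  const row = db.find(id);',
  '+  return row ? row.name : null;',
  ' }',
].join('\n');

const DEP_DIFF = [
  'diff --git a/package.json b/package.json',
  '--- a/package.json',
  '+++ b/package.json',
  '@@ -5,3 +5,4 @@',
  '   "dependencies": {',
  '+    "left-pad": "^1.3.0",',
  '     "express": "^4.18.0"',
  '   }',
].join('\n');

console.log(gateFix(SAMPLE_DIFF)); // ok: true, files: 1, lines: 3
console.log(gateFix(DEP_DIFF));    // ok: false, reasons: [adds dependency left-pad ...]
```

Running the gate before CI is cheap and fails closed: the syntax, scope and CI checks still run afterwards, but an oversized or dependency-adding change never reaches them.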
What we store and for how long
Error data (stack traces, error messages, request context) is retained indefinitely. Duplicate errors within a 24-hour window are collapsed into a single record with an occurrence count. Deleting a project cascades to all associated error and fix data.
Source code files are never stored. Files are fetched from GitHub via API during fix generation and exist only in memory for the duration of the AI call. What we persist: the code snippet at the error location, the AI-generated fix, the diff, and the fix explanation. Full repository files are never written to disk or database.
File tree metadata (paths and types only, no contents) is stored per project to enable scoped context building.
Request context is redacted before storage. Header values, query parameter values, and request body values are replaced with [REDACTED] — only key names are visible.
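The redaction rule above is simple to state but easy to get wrong at the edges: nested JSON bodies, arrays, and non-string values all carry user data. The following added example (not bugstack's code) shows one way to apply the rule so that every leaf value, at any depth, becomes [REDACTED] while the key structure survives, plus a check that can run just before storage to confirm nothing slipped through. The request shape and the sample context are constructed for this illustration; keeping method and path unredacted is an assumption, not something the page states.

```javascript
// Added example (not bugstack's code): redact request context before storage,
// keeping key names and structure, replacing every value.
const REDACTED = '[REDACTED]';

// Replace every leaf value (string, number, boolean, null) at any depth.
function redactValues(value) {
  if (Array.isArray(value)) return value.map(redactValues);
  if (value !== null && typeof value === 'object') {
    const out = {};
    for (const key of Object.keys(value)) out[key] = redactValues(value[key]);
    return out;
  }
  return REDACTED;
}

// Apply the rule to the three places the page names: headers, query, body.
// Method and path are kept as-is here (an assumption of this example).
function redactRequestContext(ctx) {
  return {
    method: ctx.method,
    path: ctx.path,
    headers: redactValues(ctx.headers || {}),
    query: redactValues(ctx.query || {}),
    body: redactValues(ctx.body === undefined ? {} : ctx.body),
  };
}

// Defensive check before persisting: true only if no leaf value survived.
function fullyRedacted(value) {
  if (Array.isArray(value)) return value.every(fullyRedacted);
  if (value !== null && typeof value === 'object') return Object.values(value).every(fullyRedacted);
  return value === REDACTED;
}

// Constructed sample request context.
const SAMPLE_CONTEXT = {
  method: 'POST',
  path: '/api/orders',
  headers: { authorization: 'Bearer example-token', 'content-type': 'application/json' },
  query: { page: '2' },
  body: { user: { email: 'someone@example.com' }, items: [{ sku: 'X1', qty: 2 }] },
};

const stored = redactRequestContext(SAMPLE_CONTEXT);
console.log(JSON.stringify(stored, null, 2));
console.log('safe to store:', fullyRedacted(stored.headers) && fullyRedacted(stored.query) && fullyRedacted(stored.body));
```

A raw string body (a form post, for instance) is a single leaf and collapses to [REDACTED]; numbers and booleans are treated no differently from strings, since a value such as an order total is still user data.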
Infrastructure: PostgreSQL on Neon (AWS, US region). Application hosted on Render (Oregon). No multi-region replication.
Code & AI model providers
LLM provider: Anthropic Claude exclusively. No OpenAI or other model providers.
What we send to the model: error type, message, stack trace (first 15 lines), the primary source file, up to 10 related files (imports, 2 levels deep), type definitions, test files, and framework context. Request context values are redacted — only key names are included.
Model training: Your code is never used to train or fine-tune models. Anthropic's API has a zero-retention policy — prompts and completions are not stored or used for training per Anthropic's data usage policy.
Encryption
At rest: Sensitive fields (GitHub access tokens, refresh tokens, project API keys) are encrypted with AES-256-GCM — authenticated encryption with random 12-byte IVs and 16-byte auth tags. Error data is stored with Neon's default storage encryption.
In transit: TLS 1.2+ enforced on all connections. TLS is terminated at Render's reverse proxy with automatic certificate provisioning. Database connections use sslmode=require.
Authentication
bugstack uses GitHub OAuth for authentication. We request only the minimum permissions needed: repository read/write access for the repos you explicitly select. bugstack never accesses repos you haven't authorized.
Production infrastructure (Render, Neon, GitHub org) is single-operator — no shared credentials or team access.
Compliance
SOC 2: Not currently pursued. Our infrastructure providers (Neon, Render, Anthropic) maintain their own SOC 2 certifications.
GDPR: bugstack can process EU user data — both Neon and Render offer EU regions. No formal Data Processing Agreement (DPA) is available at this time. If you have GDPR-specific requirements, contact us.
Data deletion: Deleting a project removes all associated error data, fixes, and metadata. Account deletion is available on request.
Reporting a vulnerability
Found a security issue? Email security@bugstack.ai. We take every report seriously and will respond within 48 hours.