# Privacy & Security
Mesrai is built with security and privacy as core principles. We understand that your code is your most valuable intellectual property.
## Security Overview
### Our Security Commitment
Your code is never stored on our servers. We process code in memory and delete it immediately after analysis.
Our security practices include:
- Code processed in isolated sandbox environments
- No permanent storage of source code
- Encrypted communications (TLS 1.3)
- Secure authentication via GitHub OAuth
### Infrastructure Security
| Component | Security Measure |
|---|---|
| Data in Transit | TLS 1.3 encryption |
| Code Processing | Isolated sandbox environment |
| Authentication | OAuth 2.0 via GitHub |
| Access Control | Role-based permissions |
## Data Handling
### What We Access
When you connect a repository, Mesrai accesses:
- Source code in pull requests (temporarily, for analysis)
- PR metadata (title, description, author)
- File change history for context
- We never access credentials or secrets
- We never store your code permanently
### Code Processing
Your code is processed securely:
- Fetched on demand: code is retrieved only when a PR is opened
- Processed in memory: analysis runs in an isolated sandbox
- Immediately deleted: source code is never saved to disk
- Only results saved: we store review comments, not your code

Zero code retention: your source code never leaves the analysis sandbox and is deleted immediately after review.
### What We Store
| Data Type | What's Stored |
|---|---|
| Review Comments | The feedback we provide on your PRs |
| Usage Metrics | How many PRs reviewed, tokens used |
| Account Data | Your login and preferences |
| Source Code | Never stored |
## Privacy Controls
All privacy settings are configured through the Mesrai Dashboard.
### How to Configure
1. Go to app.mesrai.com
2. Select your Organization or Repository
3. Navigate to Settings → Privacy
4. Configure your preferences
### Repository-Level Settings
Control what Mesrai can access for each repository:
| Setting | Description |
|---|---|
| Exclude Paths | Directories to skip (e.g., secrets/, config/) |
| Exclude Patterns | File patterns to ignore (e.g., *.env, *.key) |
| Sensitive File Detection | Auto-detect and skip sensitive files |
### Organization Settings
Administrators can configure organization-wide settings:
- File exclusions: skip certain files across all repos
- Team permissions: control who can access what
- Audit logging: track activity in your organization
## Security Features
### Vulnerability Detection
Mesrai scans for security vulnerabilities in your code:
```javascript
// SQL injection vulnerability detected: user input is interpolated
// straight into the SQL string, so it can alter the query structure
const query = `SELECT * FROM users WHERE id = ${userId}`;
```

Suggested fix: pass the value as a bound parameter so it is never parsed as SQL:

```javascript
const query = 'SELECT * FROM users WHERE id = $1';
const result = await db.query(query, [userId]);
```

### Secret Detection
Automatic detection of accidentally committed secrets:
- API keys and tokens
- Database credentials
- Private keys
- OAuth secrets
When detected, Mesrai alerts you immediately so you can revoke and rotate the exposed credentials.
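To show how the Repository-Level Settings above (Exclude Paths, Exclude Patterns) and secret detection fit together, here is an added example that is not Mesrai's own code: a small scanner that drops excluded paths from a PR's changed files and then checks the remaining added lines for a few well-known secret formats. The settings object, file names and diff lines are all constructed for the demonstration.

```javascript
// Added example, not Mesrai's code: apply exclude settings to a PR's
// changed files, then scan the remaining added lines for secret formats.
// Every setting, path and diff line below is constructed.

// Format-based indicators: AWS access key id prefix, GitHub personal
// access token prefix, PEM private-key header, DB URL with inline password.
const SECRET_PATTERNS = [
  { kind: 'aws-access-key-id', re: /\bAKIA[0-9A-Z]{16}\b/ },
  { kind: 'github-token', re: /\bghp_[A-Za-z0-9]{36}\b/ },
  { kind: 'private-key', re: /-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----/ },
  { kind: 'db-credentials', re: /\b(?:postgres|mysql|mongodb):\/\/[^:\s]+:[^@\s]+@/ },
];

// Turn a simple glob into a RegExp over the repository-relative path.
// "secrets/" excludes that directory and everything below it; "*.env"
// must match the final path segment. "*" never crosses a "/".
function globToRegExp(glob) {
  const escaped = glob.replace(/[.+^${}()|[\]\\]/g, '\\$&').replace(/\*/g, '[^/]*');
  return new RegExp('(^|/)' + escaped + (glob.endsWith('/') ? '' : '$'));
}

function isExcluded(path, settings) {
  const globs = [...settings.excludePaths, ...settings.excludePatterns];
  return globs.some((glob) => globToRegExp(glob).test(path));
}

// Scan added lines of non-excluded files. Findings carry only the file,
// line number and secret kind; the matched value is never copied out.
function scanPullRequest(changedFiles, settings) {
  const findings = [];
  for (const file of changedFiles) {
    if (isExcluded(file.path, settings)) continue;
    file.addedLines.forEach((text, i) => {
      for (const { kind, re } of SECRET_PATTERNS) {
        if (re.test(text)) findings.push({ path: file.path, line: i + 1, kind });
      }
    });
  }
  return findings;
}

// Constructed repository settings and a PR touching five files.
const SETTINGS = { excludePaths: ['secrets/'], excludePatterns: ['*.env', '*.key'] };
const SAMPLE_PR = [
  { path: 'src/db.js', addedLines: ['const url = "postgres://app:hunter2@db.internal/app";'] },
  { path: 'secrets/prod.pem', addedLines: ['-----BEGIN RSA PRIVATE KEY-----'] },
  { path: 'deploy/.env', addedLines: ['AWS_ACCESS_KEY_ID=AKIA' + 'X'.repeat(16)] },
  { path: 'src/ci.js', addedLines: ['// release helper', 'const token = "ghp_' + 'A'.repeat(36) + '";'] },
  { path: 'src/util.js', addedLines: ['const keyPrefix = /AKIA/;'] },
];
console.log(scanPullRequest(SAMPLE_PR, SETTINGS));
```

The two excluded files are skipped entirely, so only the database URL in `src/db.js` and the token in `src/ci.js` are reported; note that excluding `secrets/` from review also means a key committed there goes unflagged, which is the trade-off the setting makes.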
## Enterprise Options
For teams with specific security requirements:
- SSO Integration: Okta, Azure AD, Google Workspace
- Custom data retention: configure how long data is kept
- Dedicated support: direct access to our security team
Contact us to discuss your security requirements.
## Frequently Asked Questions
### Is my code stored on your servers?
No. Your code is processed in memory and deleted immediately after analysis. We never store source code on disk or in databases.
### Can Mesrai access private repositories?
Only repositories you explicitly grant access to via the GitHub App. You control which repos Mesrai can see.
### What happens if I revoke access?
All data associated with your repositories is deleted. Review comments remain on GitHub as they're stored by GitHub, not us.
### How is data transmitted?
All data is encrypted in transit using TLS 1.3. We never transmit code over unencrypted connections.
## Reporting Security Issues
Found a security issue? We appreciate responsible disclosure:
- Email: security@mesrai.com
We take all reports seriously and will respond promptly.