Koalr
Security

Your data, protected

Security is foundational to everything we build. Koalr is designed from the ground up to protect your engineering data with enterprise-grade encryption, strict access controls, and industry compliance standards.

SOC 2 Type II

In progress — expected Q3 2026

GDPR Compliant

Full compliance with EU data protection regulations

CCPA Compliant

Full compliance with California consumer privacy laws

256-bit AES Encryption

All data encrypted at rest and in transit

Infrastructure Security

Our platform runs on AWS with strict network isolation. Databases and internal services operate in private subnets with no direct internet access. All storage volumes are encrypted, and web application firewall (WAF) rules protect against common attack vectors.

  • AWS VPC isolation with private subnets
  • Encrypted EBS volumes for all storage
  • WAF protection against OWASP Top 10
  • Automated security patching and updates

Application Security

Authentication is handled by Clerk with support for OAuth 2.0, SAML SSO, and multi-factor authentication. Every API request is authenticated and authorized through role-based access control with tenant isolation enforced at the database layer.

  • OAuth 2.0 and SAML SSO via Clerk
  • Role-based access control (RBAC)
  • API rate limiting and abuse prevention
  • Input validation and parameterized queries

Data Protection

Your data is encrypted at every stage. At rest, we use AES-256 encryption. In transit, all connections are secured with TLS 1.3. We never access your source code or file contents. Our platform only processes development metadata such as commit timestamps, PR titles, and review activity.

  • AES-256 encryption at rest
  • TLS 1.3 encryption in transit
  • No source code access or storage
  • Metadata-only analysis of your development process

Operational Security

We maintain a comprehensive security program aligned with SOC 2 requirements. All employees undergo background checks before joining. Access to production systems follows the principle of least privilege with quarterly reviews to ensure ongoing compliance.

  • SOC 2 security program
  • Employee background checks
  • Principle of least privilege
  • Quarterly access reviews and audits

We never access your source code

Koalr only processes metadata about your development workflow — commit timestamps, PR titles, review activity, and issue status. We never read, store, or analyze your source code, file contents, or commit diffs.

Responsible Disclosure

We take security vulnerabilities seriously. If you believe you have found a security issue in Koalr, please report it responsibly. Do not publicly disclose the issue until we have had a chance to address it.

Send your report to security@koalr.com. We will acknowledge receipt within 24 hours and provide an initial assessment within 72 hours.

Questions about security?

Our team is happy to answer your security questions, provide compliance documentation, or walk through our security architecture.