Security and permissions
Secure by design
At Pullpo, we are committed to the protection of all user and organization data that our customers entrust to us. We use well-known best practices in security and privacy.
Data storage and encryption
Pullpo never stores the content of any messages sent through GitHub or Slack channels. We only store message identifiers to link messages and keep conversations on both platforms synchronized if a user edits or deletes their message. To read, edit, delete or otherwise access GitHub or Slack messages, a platform-specific Access Token is required. Each Access Token is unique to its organization. We store this token using industry-standard encryption (AES-256).
Data sent to us through GitHub and Slack events is securely encrypted in transit by protocol (HTTPS/TLS) and signed with a shared secret so that we are able to validate the origin of the events and prevent external actors from impersonating your organization's members.
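As an added example (not Pullpo's own code), this is how a receiver can check the shared-secret signatures that GitHub and Slack attach to events, using GitHub's `X-Hub-Signature-256` header and Slack's `X-Slack-Signature` and `X-Slack-Request-Timestamp` headers. The secret, the payload and the function names are constructed for illustration.

```python
import hashlib
import hmac
import time

SLACK_MAX_SKEW = 60 * 5  # Slack's recommended replay window: five minutes
# Constructed sample values, not a real secret or a real event.
SECRET = b"example-shared-secret"
BODY = b'{"action":"created","comment":{"id":42}}'


def hmac_hex(secret, message):
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def verify_github(secret, body, signature_header):
    """Check X-Hub-Signature-256 ("sha256=<hex>") over the raw request body."""
    if not signature_header or not signature_header.startswith("sha256="):
        return False
    expected = "sha256=" + hmac_hex(secret, body)
    # Constant-time comparison, so timing does not reveal how much matched.
    return hmac.compare_digest(expected.encode(), signature_header.encode())


def verify_slack(secret, body, timestamp_header, signature_header, now=None):
    """Check X-Slack-Signature ("v0=<hex>") over b"v0:<timestamp>:<body>"."""
    if not timestamp_header or not signature_header:
        return False
    try:
        ts = int(timestamp_header)
    except ValueError:
        return False
    now = time.time() if now is None else now
    if abs(now - ts) > SLACK_MAX_SKEW:
        return False  # stale or future-dated request: treat as a replay
    base = b"v0:" + timestamp_header.encode() + b":" + body
    expected = "v0=" + hmac_hex(secret, base)
    return hmac.compare_digest(expected.encode(), signature_header.encode())


if __name__ == "__main__":
    good = "sha256=" + hmac_hex(SECRET, BODY)
    print("github, untouched body:", verify_github(SECRET, BODY, good))
    print("github, modified body: ", verify_github(SECRET, BODY + b" ", good))
    ts = str(int(time.time()))
    sig = "v0=" + hmac_hex(SECRET, b"v0:" + ts.encode() + b":" + BODY)
    print("slack, fresh request:  ", verify_slack(SECRET, BODY, ts, sig))
    print("slack, replayed later: ", verify_slack(SECRET, BODY, ts, sig, now=int(ts) + 3600))
```

Both checks must run over the exact bytes received, before any JSON parsing or re-serialization, or a valid signature will fail to match.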
Third-party services
With the exception of one feature (explained below), we keep everything in-house. Pullpo does not share any of your data, messages or code with any third parties.
The AI Summarizer feature is a useful way to get into context quickly. Whenever a pull request is first created, the diff contents are processed by an LLM with instructions to briefly review and summarize the most relevant code changes. This way, a reviewer who has to manage multiple code reviews at once can read the summary to get an overview of what the discussion is centered around. To generate this summary we integrate with the OpenAI API.
If you don't trust OpenAI with your software changes you can simply deactivate this feature in the settings page. Once deactivated, Pullpo will never access your code. By default, this feature is deactivated on new installations.
Security Policy
Security infrastructure: Network and Physical layers
- Pullpo's servers and production database run on DigitalOcean and are under its protection. Refer to DigitalOcean's Security Page to learn about its security features (like AICPA SOC 2 Type II and SOC 3 Type II certifications, CSA STAR Level 1 and GDPR compliance).
- Access to the production database is restricted to Pullpo's cluster on DigitalOcean, which means potential hackers cannot reach it directly from the Internet.
- Pullpo's cluster uses firewalls with rules to block unauthorized connections, and network access controls to prevent unrecognized IP addresses from reaching the servers.
- DigitalOcean regularly makes backups of Pullpo's production database to minimize or prevent data loss in case of unexpected outages.
Data encryption and management
- Sensitive data like Access Tokens are encrypted using strong industry-standard AES-256 encryption.
- Data sent to or retrieved from both Slack and GitHub is encrypted in transit using the HTTPS/TLS protocol and is verifiable by cryptographic signature.
- Decryption keys are kept secret at all times, and access to them is restricted to top-clearance Pullpo employees only.
- Access to the production environment and backoffice tools requires unique Zero Trust Cloudflare Access authorization. Any activity gets registered in DigitalOcean's logs.
Response to security breaches
- All customers that are believed to have been affected by the breach will be notified within 48 hours from the discovery (unless delayed by law enforcement request and/or legitimate needs to investigate, mitigate and/or correct the vulnerability responsible for such breach before providing notice).
- Breach notices will include but will not be limited to:
  - Description of the incident and vulnerability that caused it.
  - Scope and extent to which data is believed to have been accessed and/or affected by the breach.
  - Date and time of discovery of the breach and of the breach itself, if known by Pullpo engineers at the time of notice.
  - Concrete actions that Pullpo has taken to mitigate any harm that might have derived from the incident, and to prevent similar incidents from happening in the future.