Security, Privacy & Data Handling Overview

Codeflash is building a long-term business, and keeping your source code and developer environment secure is important to us. Our team is composed of experienced, security-conscious engineers who have built and secured infrastructure for big companies like Meta, Microsoft, and others, as well as for many early- and growth-stage startups.

This page outlines how we approach security, compliance, and data handling for Codeflash.

Please submit potential vulnerabilities to our GitHub Security page.

For any security-related questions, contact [email protected].

Security & Compliance Overview

Codeflash is built with enterprise-grade security at its core.

We maintain SOC 2 Type II compliance and implement strict controls to protect your code and data.

How Codeflash works

Codeflash is a code performance optimization tool that automatically finds the most performant version of your code.

To scan new code for performance optimizations, Codeflash requires a GitHub Actions workflow to be installed. The workflow runs the code optimization logic on every new pull request, in your runners. If the workflow finds an optimization, it communicates with the Codeflash GitHub app through our secure servers and asks it to suggest new changes to the pull request.

For enterprise customers, Codeflash also offers a fully on-premises deployment option. In this setup, all code analysis, optimization generation, and LLM processing happen entirely within your organization’s own infrastructure. No data leaves your environment, and no external Codeflash servers or APIs are involved.

Data Protection & Handling

Definition of Sensitive Data

“Sensitive Data” includes: