What we send for the review
TriRev sends to the AI reviewer only the data needed to review the pull request: the unified diff (changed lines), the full content of changed files smaller than 500 lines (for context the reviewer needs to reason accurately), and the PR metadata (title, branch names, author username, PR number, repository identifier).
TriRev does not clone the repository, does not fetch branch history or unrelated files, does not read files outside the diff context window, and does not make any GitHub API call beyond the ones required for the review and to post the comment.
TriRev requests pull_requests: read/write and contents: read, the minimum scopes required. Note that the contents: read scope itself would permit fetching any file in the repository; the restriction to the diff and its context files is a design and code-level commitment in the review worker, not something the permission scope enforces.
Zero retention on our side
TriRev does not retain your code. After the review job completes, the diff content and any file context exist only in the transient memory of the review worker for the duration of that job. They are not written to a database, cache, log file, or object store on our infrastructure.
What is retained on our side: review metadata - repository identifier, PR number, delivery ID, timestamp, and job status. This metadata is used for billing metering and incident debugging. It does not include code content, file paths from the diff, or comment text.
TriRev itself does not fine-tune or train any model on your code. The underlying language model is provided by Anthropic (Claude) via their Commercial API. As of 3 May 2026, under Anthropic's Commercial Terms of Service, Anthropic may retain inputs and outputs for up to 30 days for trust and safety review; we have not enabled Anthropic's zero-retention option in the current MVP release. Anthropic's Commercial Terms also commit not to use your inputs and outputs to train Anthropic's foundation models. See our sub-processors section for details.
GitHub permission scopes requested
TriRev requests the following GitHub App permissions. No others.
| Permission | Access level | Purpose |
|---|---|---|
| pull_requests | Read and write | Read PR metadata and diff; post the unified review comment |
| contents | Read | Fetch diff content for the changed files in the PR |
| metadata | Read | Required by GitHub for all Apps; provides repository name and visibility |
Write access on pull_requests is used exclusively to post review comments on the PR. The scope itself also permits updating a PR's title, body, and open/closed state; as with file access, not doing so is a code-level commitment rather than a scope restriction. Because contents is read-only, TriRev cannot push code, modify branches, or merge PRs, and it has no access to issues, wikis, or any other repository resource.
Our internal security practices
We hold ourselves to the same standard we apply to your code:
- Branch protection: all changes to the TriRev production codebase require a passing CI check before merge. Direct pushes to the main branch are blocked.
- Credential hygiene: developer commits are scanned for leaked secrets before they reach the repository. Credentials are stored as environment variables, never in source code.
- Database access: the TriRev database is configured for private-network-only access via our hosting infrastructure. No public TCP endpoint is exposed.
- Startup fail-fast: the production service refuses to start if any required credential is missing, preventing silent degraded-auth states.
- Webhook authenticity: every inbound GitHub webhook is verified using HMAC-SHA256 with timing-safe comparison before any processing begins.
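The last two practices above, shown as an added Python illustration (this is not TriRev's code, which is not published on this page): a startup fail-fast over a hypothetical list of required credential names, and verification of GitHub's X-Hub-Signature-256 header with HMAC-SHA256 and a constant-time comparison. The secret, body, and credential names are constructed for the example. It goes slightly beyond the text in one respect: the verifier accepts a list of secrets (current first, then previous), so the webhook secret can be rotated without rejecting deliveries that were signed moments before the rotation.

```python
import hashlib
import hmac
import os
from typing import Iterable, Mapping, Optional

# Constructed sample data for this example only (not a real secret or delivery).
SAMPLE_SECRET = b"example-webhook-secret"
SAMPLE_BODY = b'{"action":"opened","number":42,"repository":{"full_name":"acme/widgets"}}'

# Hypothetical credential names; the real service's variable names are not on the page.
REQUIRED_CREDENTIALS = ["GITHUB_WEBHOOK_SECRET", "GITHUB_APP_PRIVATE_KEY"]


def missing_credentials(required: Iterable[str], env: Mapping[str, str] = os.environ) -> list:
    """Return the names of required credentials that are unset or empty."""
    return [name for name in required if not env.get(name)]


def fail_fast_startup(required: Iterable[str], env: Mapping[str, str] = os.environ) -> None:
    """Refuse to start if any credential is missing, rather than run with degraded auth."""
    missing = missing_credentials(required, env)
    if missing:
        raise RuntimeError("refusing to start; missing credentials: " + ", ".join(missing))


def compute_signature(secret: bytes, raw_body: bytes) -> str:
    """Build the value GitHub sends in X-Hub-Signature-256: 'sha256=' + hex HMAC-SHA256.

    The MAC covers the raw request bytes. Re-serialising parsed JSON would change
    whitespace or key order and break verification, so hash the body as received.
    """
    return "sha256=" + hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_github_signature(header_value: Optional[str], raw_body: bytes,
                            secrets: Iterable[bytes]) -> bool:
    """Verify an inbound webhook before any processing happens.

    `secrets` is ordered current-first; a single-element list is the steady state,
    a two-element list is the rotation window (current and previous secret).
    """
    if not header_value or not header_value.startswith("sha256="):
        return False
    presented = header_value.encode("utf-8")
    for secret in secrets:
        expected = compute_signature(secret, raw_body).encode("utf-8")
        # Constant-time comparison: a plain == returns at the first differing
        # byte and leaks how much of the MAC an attacker has guessed correctly.
        if hmac.compare_digest(expected, presented):
            return True
    return False


if __name__ == "__main__":
    fail_fast_startup(REQUIRED_CREDENTIALS,
                      {"GITHUB_WEBHOOK_SECRET": "x", "GITHUB_APP_PRIVATE_KEY": "y"})
    good = compute_signature(SAMPLE_SECRET, SAMPLE_BODY)
    print(verify_github_signature(good, SAMPLE_BODY, [SAMPLE_SECRET]))          # True
    print(verify_github_signature(good, SAMPLE_BODY + b"\n", [SAMPLE_SECRET]))  # False: body altered
```

In a real handler the signature check runs on the raw request bytes before JSON parsing, and a failed check returns an error without logging the body. The rotation-window behaviour is an illustration of how the ten-minute rotation described later on this page can be made zero-downtime; the page does not state that TriRev implements it this way.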
We conduct internal security audits at major milestones. Our most recent internal audit, conducted on 2026-05-03 by the TriRev engineering team, found no critical or high findings. Two low-severity architectural backlog items from the prior internal audit (2026-04-09) remain open and are not exploitable in the current production configuration. These are internal reviews; we have not yet commissioned a third-party penetration test.
Incident response
The response timeline below is an internal target, not a contractual commitment. We aim to honor it on a best-effort basis, subject to availability and the specifics of each incident. Contractual SLAs are available on request for enterprise plans.
- P0 - Critical: active exploit or confirmed data exposure. Target containment within 1 hour. Breach notification obligations are followed under applicable law (notification to the CNIL within 72 hours of becoming aware of the breach, where the GDPR applies).
- P1 - High: confirmed vulnerability with an exploit path. Target response within 4 hours.
- P2 - Medium: suspected abuse or partial exposure risk. Target investigation within 24 hours.
Token rotation (webhook secret, App private key) can be completed in under 10 minutes. The GitHub App can be suspended immediately from the App settings page to stop all webhook delivery while an investigation is in progress.
To report a security concern, contact us at support@trirev.dev. Please include as much detail as possible so we can reproduce and address the issue promptly.
We do not currently offer a bug bounty program. Responsible disclosure is appreciated and we will acknowledge your report.