Security & Privacy

Your source code is your most valuable asset. Here’s exactly how Vouch handles it.

How Code Is Processed

  • No persistent source storage. Vouch loads your code into memory only for the duration of the scan. Once the score is generated and findings are recorded, the raw code is deleted immediately.
  • Only metadata is persisted. We store finding metadata — file name, line number, vulnerability ID, severity — to power your dashboard history and live badge. The actual code is never written to disk.

Privacy & GDPR

Vouch operates within EU data protection standards. No personal data is embedded in the finding metadata stored on our servers.

AI & Model Training

Vouch uses commercial AI APIs (Anthropic Claude, Google Gemini) for the AI Translation Layer and Auto-Fix generation.

  • Explicit opt-outs are in place. Your code is never used to train or fine-tune any foundation model.
  • No IP leakage. Proprietary source code does not flow into any LLM provider’s knowledge base.

GitHub Permissions

The Vouch GitHub App requests read-only access to your selected repositories. Write access is only requested if you explicitly enable the feature that allows Vouch to open Pull Requests with Auto-Fix patches on your behalf.
