Security you can audit

SOC 2 Type II, GDPR compliant, and fully open source. We protect your data with strong controls, and let you verify every one of them.

How we keep your data safe

The essentials, without the security-theater checklist. Every claim below is enforced in code you can read.

Open source, auditable

Every line of the platform and the SDKs is public. Read the code, verify our claims, and send a PR.

Encrypted access tokens

Your GitHub and GitLab access tokens are encrypted at rest, never stored in plain text.

Screenshots on secure S3

Stored on AWS S3 in the US, encrypted at rest and in transit with modern protocols.

SOC 2 Type II

Independently audited controls across infrastructure, access management, and data protection.

No source code access

Argos never needs your source. An optional GitHub mode works without any content permission.

Least-privilege access

Access to your data is role-based, logged, and monitored, and deleted when you leave.

SOC 2 Type II

Independently audited, continuously

SOC 2 is the AICPA framework for how organizations manage customer data across security, availability, processing integrity, confidentiality, and privacy. Type II verifies our controls work over time, not just on paper. This is a long-term security investment, not a short-term growth play.

Request the report
Framework
AICPA SOC 2 Type II
Continuous monitoring
GDPR

Privacy built into the product

Many of our customers are based in Europe or serve European users. We align our operations with GDPR, from how we handle data to how we design our systems. Data is stored in the US, with Standard Contractual Clauses covering lawful EU transfers.

Read the privacy policy
GDPR gives individuals the right to:
  • Know how their data is used
  • Access and correct their data
  • Delete their data
  • Limit or object to processing
  • Data portability
  • Protection from solely automated decisions
Data Encryption

All datastores are encrypted at rest. Sensitive information is encrypted at the application level.

Access Control

We implement strict access controls to ensure that only authorized personnel can access sensitive data.

Data Minimization

We only collect and process the minimum amount of personal data necessary for our services.

Responsible disclosure

Found something? Tell us

We value input from the community to help us detect vulnerabilities. If you believe you have found a security issue, please follow our disclosure policy to report it.

Report vulnerability

Frequently Asked Questions

Supercharge your product quality

See every change your team and your agents make. Review with confidence, and merge faster.