How we protect your code and dataSecurity at Capy
SOC 2 compliant, zero data retention, end-to-end encryption. Your code is never stored or used for training.
The Basics
Security isn't an afterthought — it's foundational.
SOC 2 Type II
Independently audited security controls meeting the highest standards for data security, availability, and confidentiality.
Zero Data Retention
Your code is never stored beyond an active session. No training, no retention. Sessions are fully purged upon completion.
End-to-End Encryption
All data encrypted in transit with TLS 1.3 and at rest with AES-256. Your code is protected at every layer.
How We Protect Your Code
From infrastructure to AI providers, every layer is secured.
Infrastructure Security
VPC-isolated infrastructure on AWS with SOC 2 certified data centers. Each workspace runs in an isolated container with no shared state.
AI Provider Security
Zero retention agreements with all model providers — Anthropic, OpenAI, and Google. No customer code is ever used for training.
Data Handling
Minimal metadata stored for billing only. Code and session data purged immediately after session ends. All data processed in US-based data centers.
Vulnerability Reporting
We take all security reports seriously and respond within 24 hours. Report vulnerabilities to security@capy.ai.
Enterprise Security
For organizations with additional security requirements.
- Dedicated infrastructure options
- Custom data residency
- Advanced audit logging with SIEM export
- SSO with SAML and OIDC
- BYOK — bring your own API keys for AI providers
- Dedicated security review and BAA if needed
FAQ
Common questions about security at Capy.
Is my code stored on Capy servers?+
Is Capy SOC 2 compliant?+
Is my code used for AI model training?+
Where is my data processed?+
How do I report a security vulnerability?+
Ship with confidence
Enterprise-grade security from day one. Start building with Capy today.
