SecurityHow we protect your code and data

Security at Capy

SOC 2 compliant, isolated agent environments, scoped access.

The Basics

The Basics

SOC 2 Type II

SOC 2 Type II

Independently audited controls for security, availability, and confidentiality.

Isolated by Design

Isolated by Design

Agent work runs in isolated cloud execution environments scoped to the repositories, integrations, and configuration you authorize.

You Stay in Control

You Stay in Control

Repository permissions, environment variables, model choices, and enterprise SSO/BYOK options are configurable by your team.

How We Protect Your Code

How We Protect Your Code

Security controls span infrastructure, product workflows, and AI-provider data handling.

Infrastructure Security

Infrastructure Security

Production systems use encryption in transit, encryption at rest where supported, access controls, monitoring, and change-management processes.

AI Provider Security

AI Provider Security

Capy does not use non-public customer code or Customer Content to train models that Capy develops or controls unless you explicitly opt in or separately agree in writing. Third-party provider processing is subject to provider terms.

Data Processing

Data Processing

Our Privacy Policy, DPA, and Subprocessors page describe what data is processed, why, and by which providers.

Vulnerability Reporting

Vulnerability Reporting

We take security reports seriously and aim to acknowledge reports quickly. Report vulnerabilities to security@capy.ai.

Enterprise Security

Enterprise Security

For organizations with additional security requirements.

  • Customer-specific environment or infrastructure arrangements by agreement
  • Custom data-processing terms
  • Audit logging and export options by agreement
  • Enterprise SSO options
  • BYOK for supported AI providers
  • Security review, dedicated support, and custom contract terms
Peeking Capy
FAQ

FAQ

Common questions about security at Capy.

Is Capy SOC 2 compliant?+
Yes. Capy is SOC 2 Type II certified. Our controls are independently audited for security, availability, and confidentiality.
How does Capy handle AI provider data?+
Capy routes prompts, code context, files, logs, screenshots, and generated output to model providers only as needed to provide selected AI features. Capy does not use non-public Customer Content to train models that Capy develops or controls unless you explicitly opt in or separately agree in writing. Third-party model-provider processing is subject to the applicable provider’s terms, policies, configurations, and data-processing commitments.
Where is my data processed?+
Capy and its subprocessors may process data in the United States and other countries depending on the feature, provider, model, and integration you use. See the Privacy Policy and Subprocessors page for details.
How do I report a security vulnerability?+
Email security@capy.ai. Please include enough detail to reproduce the issue and avoid accessing other customers’ data or disrupting the service.

Ship with confidence

Security-conscious controls from day one. Start building with Capy today.

Capy Portal