How we protect your code and dataSecurity at Capy
SOC 2 compliant, end-to-end encryption, isolated environments. Session data deleted after use.
The Basics
Security isn't an afterthought — it's foundational.
SOC 2 Type II
Independently audited security controls meeting the highest standards for data security, availability, and confidentiality.
Limited Data Retention
Code runs in isolated, ephemeral environments. Session data is deleted after use. Only minimal metadata is retained for billing, support, and security.
End-to-End Encryption
All data encrypted in transit with TLS 1.3 and at rest with AES-256. Your code is protected at every layer.
How We Protect Your Code
From infrastructure to AI providers, every layer is secured.
Infrastructure Security
VPC-isolated infrastructure on AWS with SOC 2 certified data centers. Each workspace runs in an isolated container with no shared state.
AI Provider Security
Strict contractual data-handling terms with all model providers — Anthropic, OpenAI, and Google. Enterprise customers can bring their own API keys for full control.
Data Handling
Minimal metadata retained for billing, support, and security. Session data is deleted after use. All data processed in US-based data centers.
Vulnerability Reporting
We take all security reports seriously and respond within 24 hours. Report vulnerabilities to security@capy.ai.
Enterprise Security
For organizations with additional security requirements.
- Dedicated infrastructure options
- Custom data residency
- Advanced audit logging with SIEM export
- SSO with SAML and OIDC
- BYOK — bring your own API keys for AI providers
- Dedicated security review and BAA if needed
FAQ
Common questions about security at Capy.
Is my code stored on Capy servers?+
Is Capy SOC 2 compliant?+
How does Capy handle AI provider data?+
Where is my data processed?+
How do I report a security vulnerability?+
Ship with confidence
Enterprise-grade security from day one. Start building with Capy today.
