Security

How DocCharm handles your code and data. This describes the controls in place today; it evolves as the product does.

Access to your code

DocCharm connects through a GitHub App with read-only access to the repositories you choose. It reads merged changes to draft help-article updates; it never writes to your repositories.

Secrets in changes

Before any change is sent to an AI model, DocCharm strips recognised credentials from it — API keys, tokens, private keys, and secret-named values — so your secrets are not shared with our model or embedding providers. This is defence in depth, not a substitute for keeping secrets out of source control.

AI providers and training

Drafting uses a third-party AI model provider, and search uses an embeddings provider. Your company's code and content are never used to train anyone else's AI models.

Tenant isolation

Each workspace's content lives in its own isolated, per-tenant database, so one customer's data is never mixed with another's.

Hosting and encryption

Data is hosted in the EU and encrypted in transit with TLS. Encryption at rest and continuous off-host backups are on our roadmap.

Subprocessors

We rely on a small set of providers to run the service: an EU hosting provider, an AI model provider (drafting), an embeddings provider (search), a payments provider, and a transactional email provider. Each receives only the data needed for its function.

Reporting a vulnerability

Found a security issue? Please email [email protected] and we'll respond quickly.