Last updated: June 2026

Security

We know you're trusting BugLens with your codebase. Here's exactly how we handle that trust.

GitHub App permissions

BugLens requests the minimum permissions required to do its job:

  Permission        Access         Why
  Pull requests     Read & Write   To read diffs and post review comments
  Contents          Read           To read .buglens.yml config from repo root
  Commit statuses   Write          To post ✅/❌ status checks on commits
  Issues            Write          To post billing limit notices as comments
  Metadata          Read           Required by GitHub for all GitHub Apps

BugLens never requests access to your organisation's members, secrets, or settings.

Token storage

  • GitHub installation tokens are encrypted at rest using AES-256-GCM with a 256-bit key
  • The encryption key is stored as a secret environment variable — never in code or version control
  • Tokens are decrypted only at review time and never logged
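The token-storage practice described above (AES-256-GCM, key held only in an environment variable, decrypt at review time, nothing logged), as an added example in Go that is not BugLens's own code: the variable name BUGLENS_TOKEN_KEY, the binding of the installation ID as associated data, and the placeholder key and token values are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"os"
)

// AEADFromEnv builds AES-256-GCM from a hex-encoded key held only in an env var.
func AEADFromEnv(envName string) (cipher.AEAD, error) {
	key, err := hex.DecodeString(os.Getenv(envName))
	if err != nil || len(key) != 32 {
		return nil, fmt.Errorf("%s must hold 64 hex chars (256-bit key)", envName)
	}
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealToken returns nonce || ciphertext || tag, binding installationID as associated data.
func SealToken(gcm cipher.AEAD, installationID, token string) ([]byte, error) {
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, []byte(token), []byte(installationID)), nil
}

// OpenToken runs only at review time; it returns the plaintext and never logs it.
func OpenToken(gcm cipher.AEAD, installationID string, blob []byte) (string, error) {
	n := gcm.NonceSize()
	if len(blob) < n {
		return "", fmt.Errorf("ciphertext too short")
	}
	pt, err := gcm.Open(nil, blob[:n], blob[n:], []byte(installationID))
	return string(pt), err // pt is nil on a failed tag check, so the token is ""
}

func main() { // constructed demo: the key and token are placeholders
	os.Setenv("BUGLENS_TOKEN_KEY", hex.EncodeToString(make([]byte, 32)))
	gcm, _ := AEADFromEnv("BUGLENS_TOKEN_KEY")
	blob, _ := SealToken(gcm, "12345", "ghs_placeholder_token")
	_, err := OpenToken(gcm, "99999", blob) // wrong installation: rejected
	fmt.Println("blob bytes:", len(blob), "cross-install open rejected:", err != nil)
}
```

Binding the installation ID means a ciphertext row copied between installations fails to decrypt, and a single flipped bit anywhere in the blob fails the tag check rather than yielding a garbled token.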

PR data handling

  • Only the diff (changed lines) of a PR is sent for analysis — not full file contents
  • Diffs are sent to our AI analysis provider over HTTPS. We do not retain diffs after analysis completes.
  • Review findings (bug descriptions, line numbers, suggestions) are stored in our database tied to your account
  • We do not use your code or diffs to train any AI model

Infrastructure

  • All traffic is served over HTTPS/TLS 1.3
  • Backend runs on Render (isolated containers, not shared hosting)
  • Database hosted on Supabase with Row Level Security — users can only access their own data
  • No SSH keys, production secrets, or credentials are stored in our GitHub repositories

What BugLens cannot do

  • Cannot write code to your repository (no push access)
  • Cannot access branches, tags, or commits outside of open PR diffs
  • Cannot read your repository's secrets or environment variables
  • Cannot access any repository you haven't explicitly installed the GitHub App on

Responsible disclosure

Found a security vulnerability? Please email satyatechgeek@gmail.com with details. We'll respond within 48 hours and credit you if you'd like.

Please do not disclose publicly until we've had a chance to investigate and patch.