Codebear logoBEETLE

Security Practices

Learn about our robust security policies and compliance standards. We are committed to transparency and protecting your data.

Infrastructure and Deployment

Beetle is currently available as a cloud-based service, and we are actively working on a self-hosted ("bring-your-own-cloud") solution.

Cloud-based (hosted) services

Our entire backend architecture is hosted on AWS EC2 instances, secured by Amazon Security. We use secured E2B sandboxes for analysis execution, ensuring complete isolation.

How Beetle Handles Your Code End-to-End Securely

  • Secure, Isolated Sandbox Execution: Every analysis runs inside a fully isolated sandbox (powered by e2b). Your code never touches our main servers.
  • Direct, Temporary Repo Cloning: We clone your repository directly into the sandbox, using short-lived, read-only GitHub tokens.
  • Automatic Deletion After Review: Once the analysis is done, the entire sandbox, including cloned code, logs, and temporary files — is completely destroyed.
  • Built on SOC 2–Aligned Infrastructure: Beetle uses SOC 2 Type II certified platforms (like MongoDB Atlas).

In short:

Beetle never stores your code, never exposes it, and never reuses it. Everything happens in a secure sandbox… and then disappears.

This infrastructure for Beetle is provided and hosted by Amazon Web Services, Inc. ("AWS"). Information about security provided by AWS is available from the AWS Security website. Information about security and privacy-related audits and certifications received by AWS, including information on SOC reports, is available from the AWS Compliance website.

AI Models and Data Privacy

We leverage enterprise-grade AI models provided by Amazon Bedrock and Google Vertex AI. We take the security of customer data very seriously. We do not train our models on customer code. Your code is processed in ephemeral environments and is not stored longer than necessary for the analysis.

Data Protection and Security Measures

We use MongoDB Atlas for our database infrastructure, leveraging its robust security features:

  • End-to-End Encryption: Data is encrypted at rest (using AES-256) and in transit (via TLS 1.2+).
  • Network Isolation: Database clusters run in a dedicated VPC with IP whitelisting and peering.
  • Role-Based Access Control (RBAC): Strict granular permissions ensure least-privilege access.
  • Compliance & Auditing: MongoDB Atlas is SOC 2 Type II and ISO 27001 certified, with comprehensive audit logs.

Monitoring and Validation

We employ continuous monitoring and automated vulnerability scanning to ensure the security of our platform. We also conduct regular third-party penetration testing and security audits.

Have security questions?

If you have additional questions regarding security, we are happy to answer them. Please write to shivang@beetleai.dev and we will respond as quickly as we can.

BEETLE