Enterprise-grade security

Your code and team data deserve the highest protection. Here's how we deliver it.

SOC 2 in progress · Open source · Self-hostable

AI model disclosure

Powered by state-of-the-art language models. Code is processed in isolated inference environments and never stored. Each organization's context is fully isolated with no cross-contamination between customers.

Your code stays yours

Code is processed, not stored

We analyze your repo structure and recent changes to provide context to the AI. We don't permanently store your source code.

No training on your data

Your code, conversations, and team data are never used to train AI models.

LLM isolation

Each organization's AI context is isolated. No cross-contamination between customers.

You control the scope

Choose which repos the agent can access. Revoke access anytime.

How your data flows

Your GitHub (source repos) → TeamLead AI (encrypted) → AI engine (no storage) → Insights (back to you)

Security in depth

Data Protection

Encryption

All data encrypted at rest (AES-256) and in transit (TLS 1.3). Tokens and API keys are encrypted with per-organization keys before storage.

Webhook Security

All inbound webhooks are verified via HMAC signatures. No unsigned payloads are processed.
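The check described above, as an added example that is not TeamLead AI's own code: a webhook receiver that recomputes the HMAC-SHA256 over the raw request body, compares it to the sender's signature in constant time, and refuses to parse anything that is unsigned or mis-signed. The header name and the `sha256=<hex>` format follow GitHub's webhook convention and are assumed here; the secret and the sample payload are constructed for the example.

```python
import hashlib
import hmac
from typing import Dict, Optional, Tuple

# Shared secret registered with the sender when the webhook is created.
# Constructed value for this example; a real deployment loads it from config.
WEBHOOK_SECRET = b"constructed-example-secret-change-me"

# GitHub puts the signature in this header as "sha256=<hex digest>" (assumed format).
SIGNATURE_HEADER = "X-Hub-Signature-256"

# Constructed sample payload; real deliveries are much larger.
SAMPLE_BODY = b'{"ref":"refs/heads/main","repository":{"full_name":"example/repo"}}'


def compute_signature(secret: bytes, body: bytes) -> str:
    """Return the header value a legitimate sender produces for this exact body."""
    digest = hmac.new(secret, body, hashlib.sha256).hexdigest()
    return "sha256=" + digest


def verify_signature(secret: bytes, body: bytes, header_value: Optional[str]) -> bool:
    """True only if header_value is a well-formed HMAC over the raw body bytes."""
    if not header_value or not header_value.startswith("sha256="):
        return False
    expected = compute_signature(secret, body)
    # compare_digest runs in constant time, so the response latency does not
    # reveal how many leading characters of a guessed signature were correct.
    return hmac.compare_digest(expected, header_value)


def handle_webhook(headers: Dict[str, str], body: bytes,
                   secret: bytes = WEBHOOK_SECRET) -> Tuple[int, str]:
    """Gate that drops unsigned or mis-signed payloads before any parsing happens."""
    header_value = headers.get(SIGNATURE_HEADER)
    if header_value is None:
        return 401, "rejected: missing signature header"
    if not verify_signature(secret, body, header_value):
        return 401, "rejected: signature mismatch"
    # Only now is the body trusted enough to hand to the JSON parser.
    return 200, "accepted"


if __name__ == "__main__":
    good = {SIGNATURE_HEADER: compute_signature(WEBHOOK_SECRET, SAMPLE_BODY)}
    print(handle_webhook({}, SAMPLE_BODY))                 # unsigned: rejected
    print(handle_webhook(good, SAMPLE_BODY))               # valid: accepted
    print(handle_webhook(good, SAMPLE_BODY + b" "))        # tampered body: rejected
```

Two details matter in practice: the HMAC must be computed over the raw bytes as received, not over a re-serialized JSON object (re-serialization changes whitespace and key order and so changes the digest), and the comparison must use `hmac.compare_digest` rather than `==`.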

Data Retention

Chat history: 90 days. Activity logs: 90 days. Codebase index: refreshed daily, deleted on disconnect.

Access & Compliance

Access Control

Role-based permissions. Owners, admins, leads, and members each see only what they need.

Audit Logging

Every action is logged with who, what, when, and from where. 90-day retention, exportable.

Compliance

SOC 2 Type II audit underway, expected Q2 2026. GDPR and CCPA compliant. DPA available on request.

Employee Access

Production access requires MFA plus approval. All access is logged. We follow the principle of least privilege.

Responsible Disclosure

Found a vulnerability? Email security@teamlead.ai. We respond within 24 hours.

Infrastructure

Rate Limiting

API rate limiting protects against abuse. Per-plan limits with graceful degradation.

Self-Hosting

Deploy on your own infrastructure. Docker, Kubernetes, or bare metal. Your data never leaves your network.

Penetration Testing

Annual third-party penetration testing by independent security firms. Results inform our security roadmap.

AES-256 encryption · TLS 1.3 · SOC 2 (in progress) · GDPR compliant

Security FAQ

Does TeamLead AI access my private repositories?

Only the repositories you explicitly grant access to. You can revoke access anytime from your GitHub settings.

Is my code sent to AI models?

We send code context (file names, function signatures, recent diffs) to generate insights. We never send entire file contents. No code is stored after processing.

Where are your servers hosted?

Our infrastructure runs on AWS (US-East). All data is encrypted at rest (AES-256) and in transit (TLS 1.3).

Can I self-host TeamLead AI?

Yes. TeamLead AI is open source. Deploy on your own infrastructure with Docker. Your data never leaves your network.

Questions about security?

Email security@teamlead.ai. We respond within 24 hours.