How ThornGrade protects your code and maintains the highest security standards
Your code enters an isolated environment, is analyzed for security vulnerabilities, and its deletion is cryptographically verified. We never store your source code.
We use GitHub OAuth with read-only access to repository contents.
| Service | Purpose | Data Shared |
|---|---|---|
| Vercel | Hosting & Infrastructure | None (code never stored) |
| Anthropic Claude | AI-powered security analysis | Code snippets (in transit only, not stored) |
| GitHub | OAuth & repository access | OAuth tokens (encrypted) |
| Stripe | Payment processing | Payment info only |
| OSV.dev | Vulnerability data | Package names only (no code) |
| Supabase | Database & metadata | Scan metadata (no code) |
We take security seriously. If you discover a vulnerability in ThornGrade, please report it to our security team. We'll work with you to understand and address the issue promptly.
ThornGrade follows SOC 2 Type II methodology for our internal security controls, including access management, system monitoring, and data protection.
Note: We are not yet SOC 2 certified but are working toward certification. We believe in transparency about our compliance journey.
We're committed to transparency about our security practices. If you have questions about how we protect your data, we're here to help.