Security & Trust

When you connect a repository, CodeSplit AI clones it into an isolated, ephemeral environment. Your code is processed in sandboxed containers that are created for your session and destroyed when processing completes.

We do not store your source code after analysis and modernization operations are complete. The outputs (pull requests, specifications, metrics) are delivered to your GitHub account and stored in your CodeSplit AI project dashboard.

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).

Source code: Cloned into ephemeral containers for processing. Not persisted after the operation completes.

Analysis results: Profiling data, domain maps, tech debt reports, and rebuild specifications are stored in your project dashboard for as long as your account is active.

Pull requests: Delivered directly to your GitHub repository. CodeSplit AI does not retain copies of generated code after delivery.

Account data: Email, GitHub connection metadata, and project configuration. Deleted upon account deletion request.

We are working toward SOC 2 Type II compliance. This is a priority as we scale, and we're building the controls and audit trail from day one.

CodeSplit AI Inc. is incorporated in Ontario, Canada, and operates under Canadian privacy law (PIPEDA).

If your organization has specific security requirements, we're happy to discuss them. Reach out to our team.