Security

Enterprise-Grade Security

Your data deserves the best protection. AJAIA is built with security-first principles to keep your work items, API keys, and credentials safe.

AES-256 Encryption
SOC 2-Aligned Controls
400+ Security Tests
Zero Code Access

🔒 We Never Read Your Source Code

AJAIA never accesses file contents, diffs, or source code. With your permission, we may read repository metadata (names, branches) and commit messages to link evidence to work items for confidence scoring. Your actual codebase remains completely private.

How We Protect Your Data

Security isn't an afterthought—it's built into every layer of AJAIA.

AES-256-GCM Encryption

All sensitive data is encrypted at rest using industry-standard AES-256-GCM, an authenticated encryption mode.

  • scrypt key derivation (memory-hard, brute-force resistant)
  • Unique salt per encryption operation
  • Authentication tags prevent tampering
  • Random IV for every encryption

Secure Transit

All data in transit is protected with modern TLS protocols and strict security headers.

  • TLS 1.3 for all connections
  • HTTPS enforced everywhere
  • HTTP Strict Transport Security (HSTS)
  • Content Security Policy (CSP)

Role-Based Access Control

Fine-grained permissions ensure users only access what they're authorized to see.

  • Organization-level isolation
  • Admin, Member, and Viewer roles
  • Secure session management
  • Automatic session expiration

Input Validation & Sanitization

All user inputs are rigorously validated and sanitized to prevent injection attacks.

  • SQL injection prevention
  • XSS attack protection
  • Prompt injection filtering for AI
  • Content filtering and moderation

API Key Security

Your Azure DevOps (ADO) and Jira credentials are stored with the highest level of protection.

  • API keys encrypted at rest
  • Keys never exposed in logs
  • Secure environment variable handling
  • Revocable access tokens

400+ Security Tests

Comprehensive automated testing validates our security controls continuously.

  • Authentication & authorization tests
  • Input validation coverage
  • Encryption/decryption verification
  • Session management tests

Compliance & Standards

AJAIA is built to meet enterprise security requirements.

SOC 2-Aligned Controls Implemented
GDPR Data Protection Compliant
Data Processing Addendum (DPA) Available
Data Export & Portability Supported
Right to Deletion Supported
Global Privacy Control (GPC) Honored

Secure Infrastructure

Hosted on trusted, enterprise-grade platforms.

Vercel Edge Network

Application hosted on Vercel's global edge network with built-in DDoS protection, automatic HTTPS, and SOC 2 Type II certification.

Neon Serverless Postgres

Database powered by Neon with automatic encryption at rest, point-in-time recovery, and secure connection pooling.

Anthropic Claude AI

AI processing powered by Claude with strict data handling policies. Your data is not used to train AI models.

Security Questions?

We're happy to discuss our security practices in detail.

security@ajaia.dev

For vulnerability reports, please email us directly. We take all reports seriously and respond within 24 hours.