Security & Trust Center

We protect your engineering intellectual property with defense-in-depth architecture, ephemeral analysis, and continuous monitoring.

Zero-Retention Policy

Your raw source code is never permanently stored on our servers. When you trigger an analysis, the code is pulled into an ephemeral, sandboxed container, converted into a Knowledge Graph, and then the container is immediately destroyed.

Infrastructure Security

All data is encrypted in transit using TLS 1.3 and at rest using AES-256. Our production databases are isolated in private VPCs with strict IP whitelisting. We employ Cloudflare Turnstile to prevent automated abuse and DDoS attacks.

Authentication

Authentication is powered by NextAuth.js with bcrypt password hashing. All critical actions require active session tokens and CSRF validation. We implement strict per-IP and per-email rate limiting to neutralize credential stuffing.

Compliance

Our platform is designed to align with SOC 2 Type II and ISO 27001 requirements. We do not use your proprietary code to train any public or foundational AI models. Enterprise DPAs are available upon request.

Report a Vulnerability

We take security reports seriously. If you believe you have found a vulnerability in Norveth, please disclose it to our security team immediately.

Contact Security Team