Privacy and security

Graphite is a simple code review platform designed to help engineers write and review small pull requests, stay unblocked, and ship faster.

To achieve our mission to build state-of-the-art developer tools, Graphite values security above all else. We are SOC 2 Type II compliant, having passed the rigorous auditing procedure established by the American Institute of Certified Public Accountants (AICPA). SOC 2 Type II assesses non-financial reporting controls across five areas: security, availability, processing integrity, confidentiality, and privacy. We also conduct continuous penetration testing. Learn more about our security practices.


Note

Unlike SOC 2 Type I certification, which focuses on a company's controls at a specific point in time, Type II goes further: it evaluates how effectively those controls operate over an extended period, typically six months or more. For our enterprise users, this certification streamlines the vendor due diligence process. If you have questions about our security policies or want to request a copy of our SOC 2 Type II report, reach out to our security team at support@graphite.dev.


Authenticating a new tool with your GitHub account can be intimidating, so we aim to be transparent about how we integrate with GitHub and make sure your source code is secure.

Read org and team membership, read org projects

  • Look up and display profile information about your organizations and teams

  • Look up and display information (i.e., usernames) of other users in your organizations

  • Look up and display repositories in your organizations

Read all user profile data; Access user email addresses (read-only)

  • Display your name

  • Display your GitHub username

  • Display your GitHub profile picture

  • Send you transactional emails about Graphite

Repositories (read and write)

  • Look up and display pull requests in your repositories

  • Create/update pull requests in your repositories

  • Add comments to pull requests (both the automated stack comment and your review comments)

  • Review PRs

  • Merge/land PRs

If you prefer to limit Graphite's access to select repositories, you can sign in using our GitHub App when you first create your Graphite account.

The Graphite GitHub App asks for the following permissions:

  • Read: actions, checks, code, commit statuses, metadata

    • Used to display PRs and their relevant statuses and metadata on Graphite

  • Read & write: pull requests

    • Used to create and display PRs on Graphite

  • Read: user emails

    • Used to send transactional emails about Graphite


Note

Depending on your GitHub organization's settings, you may have to "request to add" the Graphite GitHub App. One of your GitHub organization owners will then have to approve the app for use, at which point you'll be able to sign in to Graphite.


When you call gt submit, the Graphite CLI pushes the branches in your stack to the remote repository on GitHub directly from the client. Metadata about which branches were pushed to GitHub is sent to Graphite's servers so that we can open those PRs on your behalf.

When you open the app in your browser, it calls GitHub's API directly from the client to retrieve and display pull requests in repositories you have access to according to the filter views you've defined. The only data stored on Graphite servers are basic profile metadata (GitHub ID, username, profile picture) and the auth token generated when you sign in with GitHub, which we use to save your PR filter views and maintain your session.

Graphite's new AI Summarize feature in the app uses OpenAI's GPT-3 API to generate summaries of PR changes. To protect the source code and privacy of our customers, and in accordance with OpenAI's Terms of Use, we have specifically opted out of the option to "Use Content to Improve Services", meaning your source code and PR metadata are not used in training sets.

We've also crafted the feature to be PR-by-PR opt-in; if you don't press the button, your code will not be processed by OpenAI. If you have more questions about this feature, don't hesitate to shoot us a message on Slack or email security@graphite.dev.

During normal usage of the CLI and the website, Graphite will generate and store logs to help us better debug in the event of an error and better understand the profile of our users. Examples of that data include:

  • Metadata about your repository: for example, number of branches or counts of Graphite commands being run. We use this to debug failing commands in the CLI (for example, in the past we found that a repository with a very high number of branches would cause the CLI to hang).

  • Metadata about your usage: for example, commands being run, command run time, or any CLI errors. We use this to understand where to further our engineering investment and understand how widespread issues are.

  • Metadata about your GitHub account: for example, organizations which you're a member of on GitHub. We use this to track the usage of our product and understand what types of organizations we work best for.

We understand how important it is to keep your source code safe. That's why we built Graphite with security and privacy best practices from day 1, using encryption in motion and at rest.

Graphite stores the GitHub access tokens returned by App authentication logins. These tokens are revocable both by Graphite and by the user from their GitHub settings.

We store these tokens in a Postgres database, encrypted in motion and at rest. We also encrypt the access tokens at the application level using aes-256-cbc and decrypt them only when we read them into server memory. To encrypt/decrypt, we use a secret stored in AWS Secrets Manager.

We additionally encrypt data in our database with a key stored in a different service, so a compromise of the database alone would not expose the GitHub API tokens.

We're more than happy to provide you with copies of our security-related company policies to give you a better sense of how we approach security at Graphite.

Please email security@graphite.dev to request copies, or feel free to share your team's security questionnaire if you have a standard format.