Security at RCCP

Your code stays on your machine. We take security seriously and have built RCCP with a privacy-first architecture.

Zero Code Access

Your source code never leaves your machine. RCCP only receives events, sanitized logs, and summaries - never your actual codebase.

End-to-End Encryption

All data in transit is encrypted using TLS 1.3. Data at rest is encrypted using AES-256.

Audit Logging

Every action is logged with timestamps, user identity, and context. Full audit trails are available for compliance.

Infrastructure Security

We deploy on managed cloud infrastructure with least-privilege access, hardened defaults, and continuous monitoring.

Secure Authentication

OAuth 2.0 authentication with Google. API keys are hashed and never stored in plain text. Device-based authentication for agents.

Policy Controls

Fine-grained policy controls let you define which actions require approval, with support for auto-approve rules.

Privacy-First Architecture

What stays on your machine

  • All source code
  • Git repositories
  • Environment variables
  • Credentials and secrets
  • Local file system access

What we receive

  • Run status and metadata
  • Sanitized event summaries
  • Approval request details
  • Agent connection logs
  • Timing and performance metrics

Compliance Readiness

SOC 2

Controls are designed for audit evidence workflows. Formal attestation is not published yet.

GDPR

Data access, export, and deletion requests are supported through our privacy process.

CCPA

California consumer access/deletion requests can be submitted to our privacy contact.

Report a Vulnerability

We appreciate responsible disclosure of security vulnerabilities. If you discover a security issue, please report it to our security team.
