Docs/Policies & Public Pages/Security Policy

Security Policy

Encryption

  • In transit: TLS 1.3
  • At rest: AES-256
  • API Keys hashed; visible only at creation
  • Access control

  • Least-privilege internal access
  • Audited critical operations
  • Network isolation for databases
  • Compliance

  • ISO 27001 (in progress)
  • SOC 2 Type II (planned 2026)
  • GDPR / CCPA / PIPL aligned
  • Vulnerability disclosure

  • Email: security@codepus.ai
  • PGP: https://codepus.ai/pgp.txt
  • Acknowledgement ≀ 72h; fix or coordinated disclosure ≀ 90d
  • Bug Bounty: $200 – $5,000
  • Recommendations

  • Enable 2FA: see Account Security
  • Use API Keys server-side only
  • Rotate keys regularly