Security PolicyEncryptionIn transit: TLS 1.3 At rest: AES-256 API Keys hashed; visible only at creationAccess controlLeast-privilege internal access Audited critical operations Network isolation for databasesComplianceISO 27001 (in progress) SOC 2 Type II (planned 2026) GDPR / CCPA / PIPL alignedVulnerability disclosureEmail: security@codepus.ai PGP: https://codepus.ai/pgp.txt Acknowledgement β€ 72h; fix or coordinated disclosure β€ 90d Bug Bounty: $200 β $5,000RecommendationsEnable 2FA: see Account Security Use API Keys server-side only Rotate keys regularly