FlagShark protects your code with minimal access, ephemeral processing, and enterprise-grade encryption. We never store source code. We only ever read what we need to open a clean PR.
FlagShark analyses code in isolated Lambda environments. We only store metadata about flags, never your source code. Processing environments are ephemeral and destroyed after each analysis.
Our GitHub App requests only the permissions needed: read access to repository contents for analysis and write access to pull requests for cleanup PRs. No access to secrets, environments, or admin settings.
Each repository analysis runs in an isolated AWS Lambda environment. Your code never mixes with other customers'. Processing environments are destroyed after each analysis.
All data is encrypted using AES-256 at rest and TLS in transit. We use AWS-managed encryption for storage and AWS KMS for application secrets.
We request only the permissions required to analyse your code and open cleanup PRs. No access to secrets, environment variables, admin settings, billing, or organisation management.
What we DON'T access: secrets, environment variables, admin settings, billing, or organisation management.
Scan results are automatically deleted after 30 days. Flag lifecycle data is retained while your account is active to provide historical insights. You can request full data deletion at any time by contacting joe@flagshark.com.
Happy to discuss security requirements, compliance needs, or custom enterprise configurations.