Trust Center
Security and trust at Corgea
Corgea is SOC 2 Type II compliant. Explore our security posture, compliance reports, subprocessors, and policies — and request our SOC 2 report in seconds.
- AES-256 encryption
- TLS 1.3 in transit
- Zero Data Retention with AI providers
- AWS infrastructure
Trusted by security-conscious engineering teams
Compliance & certifications
Independent validation of the controls that protect your code and data.
SOC 2 Type II
Corgea undergoes independent SOC 2 Type II auditing of our security controls across security, availability, and confidentiality. Customers can request the latest report below.
How we protect your data
Security is built into every layer of Corgea. Read the full security documentation for the complete set of controls.
Encryption everywhere
AES-256 at rest and TLS 1.3 in transit. We store only the code diffs required to deliver fixes.
Access controls
Role-based access, strong password policy with PBKDF2/SHA-256, brute-force protection, and audited internal access.
Secure SDLC
Threat modeling, mandatory peer reviews, secrets scanning, and security testing before every deployment.
Hardened infrastructure
Hosted on AWS with VPC isolation, security groups, IAM roles, and network segmentation.
Continuous monitoring
A WAF inspects all traffic, supply-chain scanning runs on merge, and access logs are continuously audited.
Privacy by design
You own your data and can request deletion anytime. Your data is never used to train AI models.
Documents & policies
The legal and security documents that govern how we operate.
Request the SOC 2 report
Enter your work email and choose the documents you need. We’ll email them to trust@corgea.com and CC you so you receive a copy directly.
- SOC 2 Type II report available on request
- You’re CC’d on every request
- Reviewed and shared by our security team
Subprocessors
We deliberately limit the third parties that process data. These are the subprocessors Corgea relies on today.
Frequently asked questions
Answers to the questions security and procurement teams ask most.
Is Corgea SOC 2 compliant?
Yes. Corgea is SOC 2 Type II compliant. You can request our latest report through the form above and we will share it after a short review.
How are my code and data protected?
Corgea only stores the code differences (diffs) needed to deliver fixes, encrypted with AES-256 at rest and TLS 1.3 in transit. You own your data and can request deletion at any time. Your data is never used to train models.
Do you use my data to train AI models?
No. We maintain Zero Data Retention (ZDR) agreements with OpenAI and Azure OpenAI, and your data is never used to train or refine any models.
Which third parties (subprocessors) have access to data?
We deliberately limit subprocessors to AWS, OpenAI/Azure OpenAI, Sentry, Google Analytics, and PostHog. The full list, including each subprocessor’s purpose, is published above.
How do you handle access controls and authentication?
Corgea enforces role-based access control, a strong password policy with PBKDF2/SHA-256 hashing, brute-force protection, rate limiting, a WAF, and session expiration. Internal access to data is restricted, logged, and audited.
Where can I find your Terms of Service and Privacy Policy?
Our Terms of Service and Privacy Policy are linked in the Documents & policies section above, alongside our detailed Security documentation.