Security - Uzera
Security

Your code is your most
valuable asset. We treat it that way.

Uzera is built from the ground up with security, privacy, and data sovereignty at its core. We process your code to build Knowledge Trees, but we never store, share, or train on your source code.

No raw code stored

Source code is processed in memory during scanning. We generate structured Knowledge Trees as derived metadata. No copies of your source files are retained.

Encryption everywhere

Data in transit is encrypted with TLS 1.2+. Data at rest is encrypted using AES-256. All encryption keys are managed through industry-standard key management services.

Tamper-evident audit trails

Every agent interaction is recorded in hash-chained, tamper-evident logs. Each entry links cryptographically to the previous one, ensuring integrity of the complete audit trail.

No AI training

We never use your codebase data, Knowledge Trees, Rules, or agent interaction logs to train, fine-tune, or improve any AI or machine learning models.

Role-based access

Granular permissions with least-privilege principles. Team admins control who can access Knowledge Trees, Rules, and audit data within each workspace.

SOC 2 infrastructure

Hosted on SOC 2 compliant infrastructure with physical security, redundancy, and disaster recovery. Regular penetration testing and vulnerability scanning.

Data Handling

What we store vs. what we don't.

What we store

  • Knowledge Trees (structured metadata derived from your code)
  • Rules and team conventions you define
  • Agent interaction logs and queries
  • Hash-chained audit trail records
  • Account and workspace configuration

What we never store

  • Raw source code files
  • Secrets, credentials, or API keys
  • .env files or certificate files
  • Code from other customers' repositories
  • Training data derived from your code
Infrastructure

Built on enterprise-grade foundations.

TLS 1.2+ in transit

All data transmitted between your systems and Uzera is encrypted with modern TLS.

AES-256 at rest

All stored data is encrypted at rest using AES-256 with managed encryption keys.

72-hour breach notification

Documented incident response plan with notification within 72 hours of confirmed breach.

GDPR & CCPA compliant

Standard Contractual Clauses for EU transfers. Full data subject rights honored.

Regular pen testing

Periodic penetration testing and vulnerability scanning with prompt remediation.

Internal access logging

All internal access to customer data is logged, monitored, and subject to review.

Found a vulnerability?

We take security reports seriously. If you've discovered a security issue, please report it responsibly to our security team.

Report to security@uzera.com