Security Whitepaper
1. Purpose
This document describes how ProjectIQ handles the code and information you submit for analysis, so you (or your organization's security reviewer) can evaluate whether the service meets your requirements before you upload anything.
2. Processing architecture
ProjectIQ processes your submission through a multi-pass pipeline. The key architectural property: raw source code and text are never written to persistent storage.
- Content you submit (currently, markdown text — zip file contents once that input path is live) is held only in request-scoped memory during processing.
- The pipeline extracts a structured, normalized representation — the Project Context Object — containing things like detected tech stack, integrations, and file/line references (not code snippets).
- Once that structured object exists, the raw content is discarded. It is never written to a database, disk, or log.
3. How your Claude API key is handled
- Required for every analysis run, across every input mode — there is no pooled key on ProjectIQ's side.
- Held in memory for the duration of that run, then discarded.
- Never encrypted and stored, never cached, never logged. There is no key-storage subsystem in this architecture — the key simply isn't retained anywhere after the run completes.
- Every processing run — including re-running the same project — requires the key to be supplied fresh.
4. Redaction (zip input, once live)
Once the zip upload path is enabled, a redaction pass will run against submitted code/text before it reaches the Claude API, detecting and stripping common secret patterns — API keys, connection strings, credentials in configuration files — to reduce the chance that a sensitive value is included in any model input. This path is currently disabled in the product while that pass is being built.
5. Encryption
- All traffic between your browser and ProjectIQ's servers, and between ProjectIQ's servers and the Anthropic API, is encrypted in transit (TLS).
- Generated reports stored in our database are subject to our hosting provider's (Supabase) standard encryption-at-rest for stored data.
6. What is retained
- The generated report itself (analysis, execution plan, evidence references as file paths/line numbers — not code snippets).
- Account information necessary to operate your subscription.
- Nothing else from your submission.
7. Sub-processors
| Service | Purpose |
|---|---|
| Anthropic (Claude API) | Runs the analysis pipeline, using your own supplied API key |
| Supabase | Database and storage for accounts and reports |
| Vercel / Render | Application hosting |
| Twilio | One-time code delivery for sign-in |
| Payment processor | Not yet selected — no live payment processing exists today |
8. Access controls
Internal access to submitted content or generated reports outside of automated processing is limited to debugging a reported issue, and any such access is logged. Further specifics on authentication, role-based access, and infrastructure hardening will be added here as they are implemented.
9. Incident response
In the event of a suspected data exposure affecting your submitted content or generated reports, we will notify affected users as soon as practicable after confirming the incident. This section will be expanded into a full incident response plan as the product scales.
10. What this document does not cover
This is not a substitute for a formal security audit, penetration test, or compliance certification (e.g., SOC 2). ProjectIQ does not currently hold third-party security certifications. If your organization requires one before adopting the tool, please contact us to discuss.