Compliance & Privacy
How ReplayCI aligns with common security and privacy frameworks.
Data handling principles
ReplayCI follows these core principles for all data handling:
| Principle | Implementation |
|---|---|
| Least privilege | RLS scopes all queries to the authenticated tenant |
| Fail-closed | SecurityGate blocks on match; decryption errors refuse data |
| Defense in depth | 6 layers: network → auth → isolation → scanning → encryption → audit |
| Data minimization | Only SecurityGate-scanned, redacted artifacts are stored |
| Encryption by default | AES-256-GCM envelope encryption on all stored artifacts |
| Audit trail | Signed traceability envelopes on every run |
SOC 2 alignment
While ReplayCI does not currently hold a SOC 2 certification, the platform implements controls that align with SOC 2 Trust Services Criteria:
Security
| Control area | Implementation |
|---|---|
| Access control | Session-based auth (dashboard), API key auth (CLI), RLS (database) |
| Encryption | AES-256-GCM at rest, TLS in transit, per-tenant key derivation |
| Network security | Cloudflare WAF/DDoS, security headers, egress blocking (CI) |
| Vulnerability management | Dependency auditing, SecurityGate scanning, input bounds validation |
| Logging & monitoring | Structured Pino logging with secret redaction, correlation IDs |
Availability
| Control area | Implementation |
|---|---|
| Backup | Daily PostgreSQL backups with SHA-256 integrity checksums |
| Recovery | Documented restore procedures with verification scripts |
| Redundancy | Cloudflare edge caching and DDoS protection |
Confidentiality
| Control area | Implementation |
|---|---|
| Data classification | Artifacts scanned and redacted before storage |
| Encryption | Per-tenant envelope encryption (HKDF key derivation) |
| Tenant isolation | Database RLS, filesystem namespacing, cryptographic separation |
| Secret management | API keys hashed (SHA-256), passwords hashed (scrypt), tokens hashed |
Processing integrity
| Control area | Implementation |
|---|---|
| Input validation | Schema validation, size limits, bounds checking on all inputs |
| Data integrity | Content-hash deduplication, traceability envelopes, fingerprinting |
| Error handling | Fail-closed by default across all security boundaries |
GDPR considerations
Data subject rights
| Right | How ReplayCI supports it |
|---|---|
| Right to access | Dashboard provides full visibility into your stored run data |
| Right to erasure | Tenant deletion removes all data across 24 models + filesystem blobs |
| Right to data portability | replayci export-bundle exports your data in a portable format |
| Right to rectification | API key revocation, password reset, email update available |
Data processing
| Aspect | Details |
|---|---|
| Data processor | ReplayCI processes your LLM test data on your behalf |
| Data location | EU-based data center |
| Sub-processors | Cloudflare (CDN/WAF), AWS SES (transactional email) |
| Retention | Configurable per-tenant; defaults in Data Retention |
| Deletion | Atomic tenant deletion with auditable proof |
Data minimization
ReplayCI only stores what's necessary for test reliability:
- Stored: Redacted run artifacts, metadata, baselines, fingerprints
- Not stored: Raw LLM responses (only SecurityGate-scanned versions), provider API keys, user passwords (only hashes)
- Automatically removed: Expired tokens, orphaned blobs, artifacts past retention period
Security practices
Authentication
- Passwords hashed with scrypt using industry-standard parameters
- Session tokens signed with HMAC-SHA256
- API keys: high-entropy generation, hashed storage
- Constant-time comparison for all credential verification
- Anti-enumeration protections on password reset
Secure development
- TypeScript strict mode across the entire codebase
- 2400+ automated tests including security boundary tests
- SecurityGate regression tests verify scanning on every commit
- No
eval()or dynamic code execution - Input bounds validation on all user-supplied data
- Content Security Policy headers restrict script execution
Incident response
- Structured logging with correlation IDs enables rapid investigation
- Token revocation provides immediate access termination
- Tenant deletion capability for complete data removal
- Daily backups enable point-in-time recovery
Certifications and assessments
ReplayCI is a young platform. We are working toward:
- SOC 2 Type II certification
- Regular third-party penetration testing
If you have specific compliance requirements, contact [email protected] to discuss how ReplayCI can meet your needs.
Contact
For compliance questions or to request our security documentation:
Email: [email protected]