FlagShark is built with security-first principles. We protect your code with minimal access, ephemeral processing, and encryption at rest and in transit.
FlagShark analyzes code in isolated AWS Lambda execution environments. We store only metadata about feature flags, never your source code. Each processing environment is ephemeral and is destroyed when its analysis finishes.
Our GitHub App requests only the permissions needed: read access to repository contents for analysis and write access to pull requests for cleanup PRs. It has no access to secrets, environments, or admin settings. The exact permission set is shown on the app's installation page in your GitHub settings, so you can verify it before and after installing.
Each repository analysis runs in its own isolated AWS Lambda environment, so your code is never co-resident with another customer's. Processing environments are destroyed after each analysis.
All stored data is encrypted with AES-256 at rest and TLS in transit. We use AWS-managed server-side encryption for storage and AWS KMS for application secrets.
We request only the minimum permissions required to analyze your code and create cleanup PRs.
What we DON'T access: Secrets, environment variables, admin settings, billing, or organization management.
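A practitioner installing a third-party GitHub App should confirm the granted permissions rather than take the app's description on trust. The script below is an added example written for this page, not FlagShark's code: it audits the permissions object of an installation against a least-privilege allowlist built from the scopes named above (contents read, pull_requests write, plus the metadata read that GitHub grants every app) and flags forbidden scopes, unexpected scopes, and excess levels. The dictionary shape follows GitHub's installation API (for example GET /orgs/{org}/installations, which an org admin can call); the two sample installations are constructed. One caveat worth checking against your own installation: GitHub's permission model requires contents write, not read, to push a branch carrying cleanup changes, so look at the level actually granted to contents.

```python
"""Audit a GitHub App installation's granted permissions against a
least-privilege allowlist.

Added example for this page; not FlagShark's code. The ``permissions``
dictionary mirrors the object GitHub returns for an installation
(e.g. GET /orgs/{org}/installations). The sample installations below
are constructed for illustration.
"""

# Scopes the page says the app needs. "metadata: read" is granted to every
# GitHub App implicitly, so it is always present and always acceptable.
ALLOWED = {"metadata": "read", "contents": "read", "pull_requests": "write"}

# Scopes the page says the app never receives (GitHub's permission keys).
FORBIDDEN = {
    "secrets",
    "environments",
    "administration",
    "organization_administration",
    "organization_secrets",
    "members",
}

# GitHub grants one level per scope; a higher level strictly includes a lower one.
LEVEL = {"read": 1, "write": 2, "admin": 3}


def audit_permissions(installation: dict) -> list[str]:
    """Return a sorted list of findings for one installation.

    An empty list means every granted scope is within ALLOWED at or below the
    expected level. Each finding names the scope so it can be acted on.
    """
    findings = []
    granted = installation.get("permissions", {})
    for scope, level in granted.items():
        if level not in LEVEL:
            # A level string we do not know how to rank deserves a human look.
            findings.append(f"unrecognised level on {scope}: {level}")
        elif scope in FORBIDDEN:
            findings.append(f"forbidden scope granted: {scope}={level}")
        elif scope not in ALLOWED:
            findings.append(f"unexpected scope granted: {scope}={level}")
        elif LEVEL[level] > LEVEL[ALLOWED[scope]]:
            findings.append(
                f"excess level on {scope}: granted {level}, expected {ALLOWED[scope]}"
            )
    return sorted(findings)


# Constructed sample: matches the permission set the page describes.
COMPLIANT_INSTALLATION = {
    "id": 1,
    "app_slug": "example-app",
    "permissions": {"metadata": "read", "contents": "read", "pull_requests": "write"},
}

# Constructed sample: an over-privileged installation that should fail review.
OVERPRIVILEGED_INSTALLATION = {
    "id": 2,
    "app_slug": "example-app",
    "permissions": {
        "metadata": "read",
        "contents": "write",
        "pull_requests": "write",
        "secrets": "read",
        "workflows": "write",
    },
}

if __name__ == "__main__":
    for inst in (COMPLIANT_INSTALLATION, OVERPRIVILEGED_INSTALLATION):
        result = audit_permissions(inst)
        print(f"installation {inst['id']}:", "OK" if not result else result)
```

Run it as-is to see the compliant installation pass and the over-privileged one report three findings. To audit a real installation, replace the constructed dictionaries with the JSON returned by the GitHub API for your organization and extend ALLOWED only after confirming why an extra scope is needed.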
We're committed to meeting enterprise security standards
Transparency about what we collect and how we handle your data.
What we collect:
• Flag metadata (names, file paths, status)
• Repository identifiers
• Processing timestamps
• PR creation records
• GitHub usernames (for flag attribution)
What we DON'T collect:
• Your source code
• Secrets or credentials
• Environment variables
• Private developer information
Scan results are automatically deleted 30 days after the scan. Flag lifecycle data is retained while your account is active so that we can provide historical insights. You can request full deletion of your data at any time by contacting security@flagshark.com.