Security

RunPilotAI is built with security as a first-class concern. Here is how we protect your code, test results, and team data.

Data encryption

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Test results, failure metadata, and API keys are stored in an encrypted Supabase database.

API key security

Ingestion API keys are scoped per project and can be rotated at any time. Keys are never shown after initial creation and are stored hashed.

Data isolation

All queries are scoped to your user ID using row-level security (RLS) policies in Supabase. No user can access another user's data.

Infrastructure

RunPilotAI is hosted on Vercel (compute) and Supabase (database). Both providers are SOC 2 Type II certified and GDPR compliant.

What data do we store?

  • Test run metadata (pass/fail counts, timestamps, branch, commit SHA)
  • Failure details (test name, error message, stack trace)
  • AI usage events (action type, credits used — no prompt content)
  • Your email address and hashed password (via Supabase Auth)

What data do we NOT store?

  • Your source code (we never clone or read your repository)
  • Screenshot or trace files (links are stored, not the files themselves)
  • GitHub tokens beyond what is needed for dispatch calls

Questions about security or compliance? See the FAQ or contact security@runpilotai.com.