Security and access, documented honestly.

Access operates on short-lived installation tokens — no personal credentials, no source code retained, and no write action taken without explicit human authorization.

Access model

SlashCommand does not use personal access tokens for product access.

We connect through a registered GitHub App with short-lived, installation-scoped tokens. You control which repositories are accessible and can revoke at any time from GitHub settings.

Integration model: Registered GitHub App — not OAuth, not personal tokens.
Token lifetime: Short-lived installation tokens, minted per request and expired automatically. No persistent credentials.
Repository scope: You select which repositories are accessible at installation. Revocable at any time from GitHub settings.

Data boundaries

Analysis is metadata-based. We do not store your source code.

What SlashCommand reads

  • Pull request metadata — title, author, labels, status
  • File paths and diff statistics
  • Commit SHAs and branch references
  • CI/CD check status (pass / fail)
  • Dependency manifests (package.json, etc.)

What SlashCommand does not do

  • Store source code — analysis is metadata-only
  • Access repositories you have not granted
  • Retain long-lived access tokens
  • Make changes without human approval
  • Sell or commercially share your data

Infrastructure providers operate the service on our behalf. We do not sell or transfer customer data to any third party; the service subprocessors are listed separately.

Security & infrastructure

Deployed on managed cloud infrastructure, tenant-isolated by design, with no source code in storage or logs.

Infrastructure

  • Google Cloud Platform — managed compute and storage
  • EU-based build and deployment infrastructure
  • Stateless containers, HTTPS enforced
  • Secrets managed via dedicated infrastructure, never in code

Data handling

  • No source code storage — metadata-only analysis
  • Multi-tenant isolation, scoped by tenant
  • PII excluded from logs by policy
  • Logs are configured to exclude tokens, secrets, and source code

Governance model

AI agents operate within strict human-authorized boundaries.

High-risk operations are blocked from autonomous execution by policy.

Human authorization required

Agent-initiated writes require explicit human approval. AI agents can create pull requests and draft verification evidence, but cannot merge without human authorization.

Evidence-based merge policy

Every automated merge requires a risk classification and a verification evidence pack committed to the repository. High-risk changes are prohibited from auto-merge by policy.

Scope validation at the API layer

Every operation is validated against your active GitHub App binding. Operations outside your granted repository scope are blocked before execution.
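The three controls described above (a short-lived installation token, a scope check against the installation's granted repositories, and a human-approval gate on writes) can be expressed as one small policy layer. This is an added illustration, not SlashCommand's own code: GRANTED_REPOS is a constructed sample grant, stub_mint stands in for the GitHub token endpoint, and the 30-second refresh margin is an assumption.

```python
import time
from dataclasses import dataclass, field
from typing import Callable, Optional

# Constructed sample grant: the repositories selected when the GitHub App was
# installed (in production, what GET /installation/repositories returns).
GRANTED_REPOS = frozenset({"acme/api", "acme/web"})
WRITE_OPS = {"create_pr", "push", "merge"}

class AuthorizationError(PermissionError):
    """Raised before any API call when an operation is outside policy."""

@dataclass
class InstallationToken:
    value: str
    expires_at: float  # epoch seconds; GitHub issues these for about an hour

@dataclass
class InstallationBinding:
    installation_id: int
    granted_repos: frozenset
    # Production: app JWT exchanged at POST /app/installations/{id}/access_tokens.
    mint: Callable[[int], InstallationToken]
    _token: Optional[InstallationToken] = field(default=None, repr=False)

    def token(self, now: Optional[float] = None) -> str:
        """Current token; re-mint when missing or within 30 s of expiry."""
        now = time.time() if now is None else now
        if self._token is None or self._token.expires_at <= now + 30:
            self._token = self.mint(self.installation_id)
        return self._token.value

    def authorize(self, op: str, repo: str, approved_by: Optional[str] = None) -> str:
        """Gate: repo must be in the grant; writes need a named human approver."""
        if repo not in self.granted_repos:
            raise AuthorizationError(f"{repo} is outside installation {self.installation_id}")
        if op in WRITE_OPS and not approved_by:
            raise AuthorizationError(f"{op} on {repo} requires explicit human approval")
        return self.token()

def stub_mint(installation_id: int) -> InstallationToken:
    """Constructed stand-in for the GitHub token endpoint (no network call)."""
    return InstallationToken(f"ghs_constructed_{time.time_ns()}", time.time() + 3600)

def is_blocked(binding: InstallationBinding, op: str, repo: str, approved_by=None) -> bool:
    try:
        binding.authorize(op, repo, approved_by)
        return False
    except AuthorizationError:
        return True
```

Because authorize() runs before any GitHub request is built, an out-of-scope repository or an unapproved write never reaches the API at all.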

Maturity

The access, data, and governance practices described above, assessed at their actual readiness: operational today, being formalized, or not yet in scope. No claims are made about practices not yet in place.

Operational

  • GitHub App model — short-lived tokens only
  • No source code stored — metadata-only analysis
  • Human authorization required for agent-initiated writes
  • Cloud-hosted on GCP, EU-based infrastructure
  • Multi-tenant data isolation by tenant
  • Evidence-based merge policy enforced

In progress

Implemented, being formally documented.

Not yet

Not in current scope:

  • SOC 2 / ISO 27001 certification
  • Formal penetration testing
  • SSO / SCIM provisioning
  • Data Processing Agreement (DPA)

Evaluator questions

Questions raised most often during security reviews and procurement evaluations.

Can I limit which repositories SlashCommand accesses?

Yes. During GitHub App installation, you choose between all repositories or specific ones. You can change this at any time from GitHub settings — no action required from SlashCommand.

Does SlashCommand store my source code?

No. SlashCommand reads metadata only — file paths, diff statistics, commit SHAs, dependency manifests, and PR information. Source code is never stored.

What happens if I disconnect the GitHub App?

All product features depending on repo access stop immediately. Your account and settings remain intact and you can reconnect at any time.

Can SlashCommand merge pull requests without my approval?

No. Automated merges require risk classification and human approval. High-risk changes are prohibited from autonomous execution by policy.

Where is my data hosted?

Google Cloud Platform, EU-based infrastructure. Secrets are managed via dedicated infrastructure and are never stored in code or version control.

Is SlashCommand SOC 2 or ISO 27001 certified?

No. We have not pursued formal security certifications. We do not claim or imply compliance with any certification standard.

Continue the review

This page summarizes our current access model, security posture, and governance controls.

Additional details on any section can be provided during evaluation. Reach out directly.

Security & trust inquiries

security@slashcommand.dev

For vendor review, security questions, and trust inquiries.
