The InfoSec Guarantee
TuringMind Code Intelligence was built by security engineers who understand the friction of enterprise vendor reviews. We designed our architecture to default to privacy.
1. The Gobbler Pipeline (AST Parsing)
When you connect a GitHub repository, our Gobbler pipeline parses the Abstract Syntax Tree (AST) to generate the Semantic Graph Index. This process happens securely within our isolated tenant boundaries. The raw source files are processed purely in-memory and are not persistently stored on disk after the semantic relationships are extracted.
2. Retrieval and LLM Boundaries
We use enterprise-grade LLM APIs (e.g., Azure OpenAI) with explicit zero-retention agreements. When the Security Orchestrator queries your graph index, the code snippets provided in the prompt are discarded by the LLM provider immediately after the response is generated. Your code is never used for model training.
3. GitHub Integration Permissions
The TuringMind GitHub App requests the absolute minimum permissions required to operate:
- Read-only access to code (for AST ingestion).
- Read/Write access to Pull Requests and Checks (to post reviews and block CI if thresholds are met).
- No access to organizational secrets or administrative settings.
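A reviewer can check these three bullets against the `permissions` object GitHub reports for the installed app. The script below is an added example, not TuringMind's code; the mapping from the page's wording to GitHub permission keys, the `metadata: read` allowance, and both sample grants are assumptions constructed for illustration.

```python
# Added example: audit a GitHub App installation's granted permissions against
# the set this page documents. Mapping the page's bullets onto GitHub's
# permission keys is an assumption of this example, not the vendor's manifest.
LEVEL = {"none": 0, "read": 1, "write": 2, "admin": 3}

# Highest level allowed per permission key (assumed mapping of the bullets).
ALLOWED = {
    "contents": "read",        # read-only access to code
    "pull_requests": "write",  # post reviews
    "checks": "write",         # report or block CI
    "metadata": "read",        # assumption: baseline repository metadata access
}

# Keys the page says are never requested (assumed mapping).
FORBIDDEN = {"secrets", "organization_secrets",
             "administration", "organization_administration"}


def audit_permissions(granted):
    """Return findings for a {permission: level} dict; empty means it matches."""
    findings = []
    for name, level in sorted(granted.items()):
        rank = LEVEL.get(level)
        if rank is None:
            findings.append(f"{name}: unrecognized level {level!r}")
        elif name in FORBIDDEN and rank > 0:
            findings.append(f"{name}: {level} granted, page states no access")
        elif name not in ALLOWED and rank > 0:
            findings.append(f"{name}: {level} granted, not listed on the page")
        elif name in ALLOWED and rank > LEVEL[ALLOWED[name]]:
            findings.append(f"{name}: {level} exceeds documented {ALLOWED[name]}")
    return findings


# Constructed sample grants, shaped like an installation's permissions object.
MATCHING = {"contents": "read", "pull_requests": "write",
            "checks": "write", "metadata": "read"}
DRIFTED = {"contents": "write", "pull_requests": "write",
           "organization_secrets": "read", "members": "read"}

if __name__ == "__main__":
    for label, grant in (("matching", MATCHING), ("drifted", DRIFTED)):
        print(label, audit_permissions(grant) or "OK")
```

Running the same check after each app update request catches permission drift before it is approved.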
Compliance & Certifications
We are actively pursuing SOC 2 Type II and ISO 27001 certifications. For pre-revenue design partners, we offer custom deployment options, including dedicated VPCs, to meet your immediate compliance requirements.
Have questions for your InfoSec team? Contact our founders directly.