Autometric

[security]

Your code is never the product.

Autometric is built for teams that need best-in-class AI code review, linked task context, and deployment control without losing data boundaries or procurement readiness.

[trust center]

Security documents without the scavenger hunt.

Controlled access
Security questionnaire
Pen test summary
Security whitepaper
Sub-processor register

[autometric posture]

Security is about how Autometric is secured and operated.

This section is for procurement, security review, and legal diligence: deployment model, data handling, access controls, sub-processors, and document access.

[product enforcement]

Framework enforcement and Task Context are product capabilities.

SOC 2, PCI DSS, HIPAA, ISO 27001, GDPR, FedRAMP, and NIST 800-53 mappings are enforced for customer repositories through Framework Enforcement. Linked ticket context can shape review behavior too. Those belong on product pages, not in vendor security documents.

Security questionnaire

Standard vendor-security responses for procurement and customer review.

Available on request

Pen test summary

Third-party findings summary and remediation status snapshot.

Available on request

Security whitepaper

Deployment model, data flow, and model-governance overview.

Available on request

Sub-processor register

Live inventory with change-notification expectations.

Public

[data handling]

Data handling and model governance

  • Customer code is not used to train foundation models or internal models.
  • Linked task or ticket context follows the same deployment boundary and handling controls as review context.
  • Identity controls include SSO, SCIM, and enforceable MFA patterns.
  • Audit logs are immutable and exportable for downstream review systems.
  • This page covers Autometric's own security, deployment, and legal posture rather than customer-side framework enforcement.
  • Security documents are available through a controlled request flow rather than scattered PDFs.

[deployment]

Deployment choices that match your risk posture

  • SaaS: multi-tenant on managed cloud infrastructure with region selection.
  • Single-tenant VPC: dedicated compute where stronger isolation is required.
  • On-prem / air-gapped: Kubernetes-based deployment with self-hosted model support and no outbound dependency.

[operations]

Operational security signals

Incident response

Documented plan, customer notification path, and post-incident review expectations.

Access controls

SSO, SCIM, MFA, RBAC, and policy-oriented auditing rather than ad hoc admin state.

Sub-processors

A published register with change notifications instead of hidden operational dependencies.

Responsible AI

Model routing is explicit, auditable, and designed for enterprises that must justify the stack.

[cta]

Need security documents for a live deal?