Data Handling¶
How we store, process, and protect your data.
What we store¶
| Category | Examples |
|---|---|
| Organization settings | Name, domains, DataSources |
| Users and access | Email, name, roles, hashed password, 2FA secret |
| Third-party API keys | HIBP, GitHub, GitLab tokens (encrypted) |
| Findings | Detector findings — text, metadata, evidence |
| Sensitive evidence | Paste contents, leak-site screenshots |
| Reports | Generated PDF / DOCX / CSV |
| Audit log | Who, when, what action |
Encryption¶
At rest¶
- DB: AES-256 at the storage layer (Neon native encryption).
- API keys and sensitive fields: additional application-layer encryption (
django-encrypted-model-fields) — even if someone obtains a DB dump, keys aren't readable without the application secret. - Files (reports, evidence): AES-256 on block storage.
In transit¶
- TLS 1.3 for all external traffic.
- mTLS between internal services.
- HSTS with preload on the main domain.
Data residency¶
- Primary deployment: EU (Frankfurt) via Neon.
- Backups: same region, separate availability zone.
- CDN: Cloudflare, caches only static assets (not data).
For Enterprise with strict data residency requirements — dedicated regions by agreement (sales@bytecode.team).
Data retention¶
| Data type | Retention |
|---|---|
| Findings (active) | Unlimited while organization is active |
| Findings (resolved) | 7 years (for compliance) |
| Sensitive evidence (pastes, leak-site screenshots) | 90 days after resolution |
| Logs (application, access) | 90 days |
| Audit log | 7 years |
| Backups | 30 days |
| Deleted organizations | 30 days grace period, then deletion |
Custom retention policies — Enterprise.
Backups¶
- Daily — full DB snapshot.
- Point-in-time recovery (PITR) — restore to any second over the last 7 days.
- Geo-redundant — backups in a separate AZ.
Bytecode staff access¶
- Default: staff has NO routine access to client data.
- Support access: possible only on explicit client request (e.g., troubleshooting). Logged in client's audit log.
- Emergency access: for incident response — logged + post-incident review.
- Background checks: all staff with potential production access undergo background checks.
Sub-processors¶
List of third-party services processing your data:
| Sub-processor | What it does | Region |
|---|---|---|
| Neon | Managed PostgreSQL | EU |
| AWS S3 | File storage (reports, evidence) | EU |
| Cloudflare | CDN, DDoS protection | Global |
| SendGrid | Email delivery | EU |
| Stripe | Billing (does NOT process platform data) | US |
Full list with contacts — in the DPA.
Data transfer outside EU¶
- All sub-processors in the list have Standard Contractual Clauses (SCC) with us.
- For US-based ones (Cloudflare, Stripe) — additional DPA with SCC.
- No client data is transferred to third countries without SCC.
Data deletion¶
On client request (GDPR Right to Erasure)¶
- Request to
privacy@bytecode.teamor via Settings → Privacy → Request data deletion. - 30 days for verification (per GDPR).
- Deletion from production + backups (via rolling backups).
- Confirmation sent to client.
On organization closure¶
- 30 days grace — restorable.
- Then — automatic deletion from all systems + backups (rolling cycle).
Data export (Data Portability)¶
You can export all your organization's data in machine-readable format:
- Settings → Privacy → Export all data.
- Background job runs — within hours you get an email with a link.
- The archive contains a JSON dump of all findings, settings, users, reports.
Security incidents¶
If we have a security incident affecting your data:
- Notification: within 72 hours (per GDPR Article 33).
- Channel: email to organization admins + status page https://status.bytecode.team.
- Post-incident review: published within 14 days.
Reporting security issues to us: security@bytecode.team.