Security & privacy
How Topogy protects your code, your data, and your team's trust.
Security is foundational, not an afterthought.
Built by a seasoned team of engineers from Google, GitHub, and SendGrid with deep operational and security experience scaling companies through and beyond IPO.
Compliance
SOC 2 Type II
Audited controls for security, availability, and confidentiality.
CCPA supported
California Consumer Privacy Act compliance supported.
ISO 27001
Coming soon.
Data handling
Code access
Topogy reads code metadata, diffs, and structural information. You control which repos and branches it can access. We never touch your customers' data.
Data encryption
All data is encrypted in transit and at rest. Encryption keys are managed per customer with regular rotation.
Data residency
Data is hosted in your preferred region. US and EU regions are available, and nothing leaves your selected region without explicit consent.
Retention & deletion
You control retention policies. Full data deletion is available on request, and when you disconnect, your data is purged.
AI-specific security
LLM data handling
When Topogy uses LLMs for analysis, no customer data is used for model training. We rely on enterprise API agreements with zero data retention from providers.
Context boundaries
The knowledge graph enforces access boundaries. Teams only see context for systems they own, and agents only receive context scoped to their authorized domain.
Questions about security?
We're happy to walk through our security architecture or share compliance documentation.