Mesa is built with security in mind. We take the security of our customers’ data seriously and have a number of measures in place to protect it. We are SOC 2 Type 2 compliant and follow industry best practices for security. Further, we have engaged a third-party security firm to perform a comprehensive penetration test of our system, and have addressed all of the findings.

Data Encryption

All data is encrypted using industry-standard encryption algorithms.

Data Leakage

We take data leakage seriously and have a number of measures in place to prevent it, including:
  • Mesa does not store full pull requests or full codebase text at rest.
  • Data that we do store (pull request metadata, diff summaries, etc.) is encrypted at rest using industry-standard encryption algorithms.
  • All data is stored in a secure database.
  • All data is protected by a VPN and WAF.
  • All data is transmitted securely using HTTPS.
  • All API requests are authenticated and authorized.
  • All Mesa secrets are stored in a secure key management system.
  • Review agents are run in a tenant-isolated, sandboxed environment.

Data Retention

We retain data for as long as it is needed to provide the service to our customers. We do not retain data for longer than necessary. We do not sell data to third parties.

Data Breach Response

We take data breaches seriously and have a number of measures in place to respond to them, including:
  • We have a data breach response plan in place.
  • We have a data breach response training program in place.
  • We have a data breach response communication plan in place.

Questions?

If you have any questions about our security practices, or if you would like to make a good-faith vulnerability report, please contact us at founders@mesa.dev.