> ## Documentation Index
> Fetch the complete documentation index at: https://docs.byterover.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Security & Infrastructure

> ByteRover's security posture, certifications, infrastructure, and enterprise trust commitments

At ByteRover, we understand that security and infrastructure transparency are foundational to customer trust—especially for engineering teams and organizations evaluating SaaS platforms for internal or mission-critical use.

This document outlines our security approach, compliance certifications, infrastructure design, subprocessors, and policies that ensure your data and workflows stay protected.

## Certifications & Third-Party Validation

### SOC 2 Type II Certified

ByteRover is SOC 2 Type II certified, independently audited by external auditors to validate our security controls, processes, and operational effectiveness over time. SOC 2 is a widely recognized standard in the technology industry and required by many enterprise customers evaluating vendors for data protection and operational assurance.

Being SOC 2 Type II certified means we have demonstrated appropriate controls across several Trust Services Criteria:

<CardGroup cols={2}>
  <Card title="Security" icon="shield-check">
    Protection against unauthorized access and misuse
  </Card>

  <Card title="Confidentiality" icon="lock">
    Safeguarding sensitive information
  </Card>

  <Card title="Processing Integrity" icon="check-circle">
    Ensuring services operate as designed
  </Card>

  <Card title="Availability" icon="activity">
    Supporting uptime and reliability
  </Card>
</CardGroup>

<Card title="Access Compliance Documents" icon="file-check" href="https://compliance.byterover.dev/">
  Access our compliance documentation and request our SOC 2 Type II report through our Trust Center
</Card>

## Infrastructure Security & Architecture

Our infrastructure is designed with enterprise-grade safeguards to ensure data is protected at every layer of operation.

### Hosting & Cloud Providers

ByteRover services run on industry-leading cloud platforms, configured to maximize security, performance, and geographic flexibility.

| Aspect                  | Details                                                                        |
| ----------------------- | ------------------------------------------------------------------------------ |
| **Primary Providers**   | GCP, Cloudflare for redundancy and specialized workloads                       |
| **Network Security**    | Strict network segmentation to isolate production from testing and development |
| **Perimeter Defense**   | Cloudflare reverse proxy for DDoS protection and enhanced performance          |
| **Access & Monitoring** | Rigorous access controls and continuous monitoring enforced throughout         |

### Encryption & Data Protection

<CardGroup cols={2}>
  <Card title="Encryption in Transit" icon="lock">
    All communication channels encrypted using TLS 1.2+ (HTTPS)
  </Card>

  <Card title="Encryption at Rest" icon="database">
    Stored data encrypted using AES-256 encryption standard
  </Card>

  <Card title="Key Management" icon="key">
    Encryption keys managed using secure KMS with strict access policies
  </Card>

  <Card title="Data Residency" icon="globe">
    Data stored in secure data centers in approved regions for sovereignty compliance
  </Card>
</CardGroup>

### Access Controls & Identity Management

We enforce strict role-based access control (RBAC), granting the minimum required permissions to team members and systems. Access to production infrastructure is protected by:

* **Multi-Factor Authentication (MFA)**: Mandatory for all administrative access
* **Single Sign-On (SSO)**: Available for internal teams and enterprise customers
* **Audit Logging**: Comprehensive logging tracks all changes and security-relevant events
* **Regular Reviews**: Access privileges are reviewed quarterly to ensure least privilege

## Subprocessors & Third-Party Services

To deliver a scalable and reliable service, ByteRover works with trusted subprocessors whose services contribute to platform operations. Transparency is key to our security model.

Like other modern SaaS platforms, we clearly list these relationships to support your security reviews and vendor assessments. By providing clear subprocessor listings, customers can:

* Understand where data is processed and stored
* Verify each subprocessor's controls and certifications
* Assess compliance with internal security and regulatory requirements

We ensure all subprocessors are bound by contractual commitments to safeguard your data and uphold approved security practices.

<Card title="View Subprocessors" icon="list" href="https://compliance.byterover.dev/subprocessors">
  Access our complete, up-to-date listing of all third-party data processors
</Card>

## Monitoring, Audits & Continuous Improvement

Security is not a one-time event for us. We maintain ongoing monitoring, logging, and alerting systems across our service environment.

* **Continuous Monitoring**: 24/7 monitoring capabilities utilizing Grafana Alerting for real-time system and application anomaly detection, combined with cloud-based CVE alerting services to proactively identify and respond to newly disclosed vulnerabilities
* **Regular Assessments**: Internal and third-party assessments—such as penetration testing—help us identify areas for improvement
* **Compliance Audits**: Our SOC 2 Type II certification reflects these continuous efforts and reinforces our commitment to maintaining high standards over time

## Data Privacy & Customer Rights

ByteRover is committed to respecting your privacy and giving you control over your data.

* **Data Minimization**: We only collect data necessary to provide our services
* **Privacy Mode**: For sensitive use cases, we offer Privacy Mode where code data is never stored by our model providers or used for training

## Transparency & Customer Support

We recognize that thorough visibility into security practices is essential for adoption within enterprise and regulated environments.

<CardGroup cols={2}>
  <Card title="Trust Center" icon="shield-check">
    Public access to compliance documentation and policies
  </Card>

  <Card title="Audit Reports" icon="file-text">
    SOC 2 audit access available upon request (subject to NDA)
  </Card>

  <Card title="Subprocessors" icon="list">
    Clear, up-to-date listing of all third-party data processors
  </Card>

  <Card title="Support" icon="headphones">
    Responsive support for security questionnaires and compliance reviews
  </Card>
</CardGroup>

## Enterprise Network Compatibility

ByteRover CLI (v2.4.0+) is designed for seamless operation within restricted corporate networks. It automatically detects and respects standard environment variables:

* **Proxy Protocols**: Supports HTTP, HTTPS, and SOCKS5 (via `HTTPS_PROXY` or `ALL_PROXY`).
* **Bypass Rules**: Respects `NO_PROXY` patterns for internal domain exclusions.
* **Authentication**: Native support for authenticated proxies (e.g., `http://user:pass@proxy.corp:8080`).

For networks with SSL/TLS inspection, point `NODE_EXTRA_CA_CERTS` to your corporate root CA certificate file. This ensures the CLI can verify intercepted traffic without compromising security.

No additional configuration files or CLI flags are required — simply set your environment variables and ByteRover will handle the routing for cloud sync, hub, and authentication services. Traffic to external LLM providers (OpenAI, Anthropic, OpenRouter, etc.) is not routed through the proxy.

See [Troubleshooting — Proxy Configuration](/faqs/troubleshooting#how-do-i-configure-byterover-cli-to-work-behind-a-corporate-proxy) for setup instructions and common fixes.

## Vulnerability Disclosure

If you believe you have found a vulnerability, please submit a report to `security@byterover.dev`. We commit to acknowledging vulnerability reports within 5 business days.

## Summary

ByteRover's security posture is grounded in:

* **Independent SOC 2 Type II certification**
* **Secure cloud infrastructure** with encryption and access controls
* **Documented security policies** and operational practices
* **Transparency** around subprocessors and compliance artifacts
* **Continuous monitoring**, audits, and improvement efforts
* **Customer-centric privacy controls** (Privacy Mode)

We build our platform not just to perform, but to earn your trust every day—delivering both reliability and peace of mind as you scale.

***

**ByteRover Security Team**

* Contact: `security@byterover.dev`
* Trust Center: [https://compliance.byterover.dev](https://compliance.byterover.dev)