POPIA & Security
EngineIQ is designed for South African B2B buyers who need clear data boundaries and defensible AI practices.
No source code persistence
Customer repositories are not stored on EngineIQ disks or databases. Diffs are held in memory for the duration of a review job. We may persist non-sensitive metadata such as file paths, line numbers, finding categories, and job state — suitable for POPIA minimisation discussions with your information officer.
Tenant isolation
PostgreSQL row-level security aligns with application-level tenant_id filters so cross-tenant access is not possible through the product data path.
Secrets & subprocessors
API keys and integration secrets are loaded from environment variables or your secret manager. Anthropic is used for review generation; data processing agreements should be reflected in your vendor register.
Transparency on PR comments
Every automated PR comment includes a footer stating that the review used in-memory processing only and did not store customer source code — visible to developers and auditors.