SotaDocs logo
launching Aug 29, 2026
  • Product
  • Integrations
  • Docs
  • Blog
  • Pricing
  • Benchmarks
  • Security
Install MCPGet API Key

Security

Private by default. We never store your code.

Data Flow

Connect Source
->
Process Content
->
Create Embeddings
->
Discard Source
->
Store Index Only

We never store your source code. Content is processed to create semantic indexes, then discarded.

Encryption in Transit

TLS 1.3 for all connections. HTTPS only. Certificate pinning for SDKs.

Encryption at Rest

AES-256 encryption for all stored data. Keys managed via AWS KMS.

Tenant Isolation

Complete data isolation between accounts. No cross-tenant access possible.

Retention & Controls

What We Store

  • Semantic embeddings (vector index)
  • Metadata (URLs, versions, timestamps)
  • Your configuration and settings

What We Don't Store

  • Raw source code
  • Private repo contents
  • Query contents (beyond 24h logs)

Deletion Rights

  • Delete any source anytime
  • Delete entire account
  • Automatic 30-day backup purge

Enterprise Controls

  • Custom retention policies
  • Audit logs
  • SSO/SAML

Private Repository Handling

When you connect a private repository:

  1. We use your OAuth token to fetch content
  2. Content is processed in memory
  3. Semantic embeddings are created
  4. Source content is immediately discarded
  5. Only embeddings + metadata are stored

Zero Knowledge

Embeddings cannot be reversed to recreate source code.

Compliance

SOC 2 Type II

In progress. Expected Q2 2025.

GDPR

Compliant. DPA available on request.

DPA

Data Processing Agreement available for Team+ plans.

Vulnerability Disclosure

Found a security issue? We appreciate responsible disclosure.

Report Vulnerability

security@sotadocs.com | PGP key available

Security & Privacy FAQ

No. SotaDocs processes content to create semantic indexes but never stores raw source code on its servers. We only retain metadata and semantic embeddings.

We use temporary, isolated workers to index private content. Once the index is built, the worker is destroyed and raw code is immediately purged from the system.

Yes. All data is encrypted at rest using AES-256 and in transit using TLS 1.3, ensuring your documentation context remains private.

Only authenticated users with the appropriate repository permissions can access the context via MCP tools or our secure REST API.

SOC2 Type II compliance is currently on our 2026 roadmap. We already adhere to SOC2 security and privacy principles in our current data handling workflows.

Product
  • Features
  • Pricing
Developers
  • Docs
  • API
  • MCP
Resources
  • Benchmarks
  • FAQ
  • Glossary
  • Security
Company
  • About
  • Contact
  • Privacy Policy
  • Terms
  • Refund Policy
SotaDocs logoSotaDocs logo

The Context Engine for AI Coding Agents.
Find Context. Fast.

Get notified when SotaDocs launches

Public preview · launching Aug 29, 2026

© 2026 SotaDocs · Public preview · launching Aug 29, 2026

support@sotadocs.com