You're trusting us with access to your source code. We take that seriously. This page documents exactly how we handle your data, protect your code, and keep our own platform secure.
Our core commitments to every customer
Your source code is analyzed in ephemeral, isolated environments. We retain only the security findings, not the code itself. Scan jobs are destroyed after analysis completes.
Active Policy
All data in transit uses TLS 1.3. Findings and metadata stored at rest are encrypted using AES-256. Encryption keys are managed via a dedicated key management service.
Always Encrypted
Every scan, every finding access, every user action is logged with immutable audit trails. SIEM integration available for teams that need to pull logs into their own systems.
Available on Ultimate
AquilaX undergoes regular third-party penetration testing. We eat our own dog food: our own platform runs AquilaX scans on every commit to our codebase.
Annual 3rd Party Pentest
AquilaX LTD is a UK-registered company. We process data in accordance with UK GDPR and EU GDPR. EU-region SaaS deployment available for data residency requirements.
GDPR Aligned
Your most sensitive code never leaves your network. AquilaX on-premises deploys all 32 scanners inside your infrastructure, with air-gapped environments supported.
Available on Ultimate
A transparent view of the code scanning lifecycle
AquilaX requests read-only access to your repositories via OAuth. We never request write permissions. Tokens are encrypted and stored with rotation policies.
Code is fetched into an isolated, ephemeral container for each scan. The container is network-isolated and destroyed after scanning completes.
All 32 scanners analyze the code in parallel within the isolated environment. No code leaves the container during analysis.
Only the security findings (file paths, line numbers, vulnerability descriptions) are stored, encrypted. Source code is discarded.
The ephemeral scan container and all temporary files are cryptographically wiped after each scan. Your code exists in our infrastructure only during the scan window.
What we store (findings only)
What we never store
How Securitron AI handles your code, and what it doesn't do
Securitron AI operates exclusively within AquilaX-owned data centres. Your code is never sent to third-party AI providers (OpenAI, Anthropic, etc.); our AI runs entirely in-house.
Customer data is never shared with third parties. We use open-source AI models where licences allow, but internally gathered security intelligence is never shared with any third-party dataset.
Customers have the right to delete some or all of their information from our systems at any time. Data deletion requests are processed promptly, with no retention after deletion.
Securitron AI is tailored specifically for the cybersecurity space, trained on over 300 million projects to reduce noise and computational demands. Not a general-purpose LLM pointed at code.
Our AI models are designed to be CPU-friendly, enabling full on-premises installations without GPU infrastructure requirements, essential for air-gapped government and defence deployments.
Our full AI and engineering principles are publicly documented at docs.aquilax.ai. Transparency is a non-negotiable principle for us.
AquilaX generates audit-ready evidence packages for the most common frameworks
Hosted on UK/EU infrastructure. Connect and scan in minutes. Zero ops overhead.
Deploy the full platform inside your network. Your code never leaves your perimeter.
We believe in working with the security community to keep our platform and customers safe. If you discover a security vulnerability in AquilaX, we ask that you report it responsibly. We'll acknowledge receipt within 24 hours and work with you on a coordinated disclosure.
Report vulnerabilities to: [email protected]
Contact Security Team
Have specific questions about how AquilaX handles your code? Need a security questionnaire completed? Our team is happy to provide detailed answers.