Security and compliance overview

DocuBot protects your source code and documentation through a security-first architecture. By focusing on ephemeral processing and static output, the system minimizes the risk to your intellectual property while providing high-quality help centers.

Security architecture overview

DocuBot's security model is designed to protect your data through every stage of the documentation lifecycle. The system follows a philosophy of ephemeral processing, meaning it accesses your repository content only during the active generation window.

The primary advantage of this model is the static HTML output. Because your documentation site is pre-generated, the public-facing help center doesn’t require a live connection to your source code or internal databases. This separation creates a natural security barrier between your development environment and your end users.

Data protection and privacy

We handle your repository content with strict privacy controls. When you trigger a sync, DocuBot retrieves the necessary code segments to analyze your product’s functionality. Once the documentation is generated, these temporary segments are cleared from the processing environment.

Your data is protected using the following methods:

  • Encryption in transit: All communication between your browser, GitHub, and DocuBot is encrypted using standard TLS/SSL protocols.
  • Encryption at rest: Generated documentation artifacts and workspace settings are stored using industry-standard encryption provided by our cloud infrastructure.
  • Secure hosting: Your static documentation sites are hosted in isolated environments to prevent cross-site vulnerabilities.

Information regarding specific data retention policies for generated artifacts is not available in the current repository.

Authentication and access control

You manage your DocuBot workspace through secure authentication providers. The system uses Google Sign-In to verify your identity, ensuring that only authorized users can access the dashboard or modify repository settings.

To document private repositories, you must authorize DocuBot via GitHub OAuth. We follow the principle of least privilege, requesting only the scopes necessary to read your repository content. You can revoke this access at any time through your GitHub account settings.

Within the dashboard, you can manage permissions for your documentation sites, including setting up URL slugs and choosing which audiences can view specific document types.

Compliance and infrastructure standards

DocuBot is built on modern cloud infrastructure that adheres to global security best practices. We perform regular security updates and monitoring to protect against emerging threats.

While the platform follows standard encryption and security protocols, information regarding specific SOC2 or ISO certifications is not available at this time. The system relies on the underlying security controls of our cloud providers to maintain high availability and network-level protection.

Security support and reporting

We take security inquiries and vulnerability reports seriously. If you have questions about our security posture or need to report a potential issue, please use our official support channels.

You can reach the security team through the following methods:

When reporting a vulnerability, please include a detailed description of the issue and steps to reproduce it so our team can investigate promptly.