Security at PropelCode

Your code is yours. We built PropelCode with security as a foundation, not an afterthought.

🛡

Container Isolation

Every user gets their own isolated Linux container on Railway. No shared environments, no shared file systems, no shared processes. Your code never touches another user's workspace. Containers are provisioned on demand and can be destroyed at any time.

🔑

Authentication

Passwords are cryptographically hashed and never stored in plaintext. Sessions use short-lived tokens with automatic expiration. GitHub OAuth uses the secure device flow. Login attempts are rate-limited to prevent brute-force attacks.

🔒

Encryption in Transit

All connections are encrypted with TLS. The web app is served over HTTPS only. WebSocket connections to your container use the secure wss:// protocol. API calls between your browser and our server are encrypted end-to-end.

💾

Data at Rest

Our database uses encrypted connections. User credentials are cryptographically hashed. OAuth tokens are stored securely with encryption. We follow the principle of least privilege — our application only accesses the data it needs to operate.

🤖

AI Data Handling

When you use the AI agent, code context from your current session is sent to AI providers to generate responses. Per their data processing agreements, these providers do not store your code or use it for model training. You control what context the agent sees.

📁

Code Ownership

Your code stays in your container. We do not access, read, index, or analyze your source code. When you delete your account, your container and all files within it are permanently destroyed. Your intellectual property is yours alone.

🏗

Infrastructure

PropelCode runs on managed cloud infrastructure with automatic TLS certificate management and DDoS protection. Our server is hardened with industry-standard security headers, strict CORS policies, and rate limiting on all endpoints. Request sizes are limited to prevent abuse.

🔍

Dependency Security

We regularly audit and update our dependencies. Server and client packages are kept current with security patches. We use lockfiles to ensure reproducible builds and prevent supply chain attacks.

Responsible Disclosure

Found a vulnerability? We appreciate responsible disclosure and take all reports seriously. Please contact us with details of the issue, steps to reproduce, and any potential impact.

We commit to acknowledging your report within 48 hours and providing regular updates on our investigation.

security@propelcode.app