Security and access, documented honestly.

Access operates on short-lived installation tokens — no personal credentials, no long-lived repository credentials retained, and no merge or high-risk write lane enabled without explicit human authorization.

Access model

SlashCommand does not use personal access tokens for product access.

We connect through a registered GitHub App with short-lived, installation-scoped tokens. You control which repositories are accessible and can revoke at any time from GitHub settings.

Integration model: Registered GitHub App — not OAuth, not personal tokens.
Token lifetime: Short-lived installation tokens, minted per-request and expired automatically. No persistent credentials.
Repository scope: You select which repositories are accessible at installation. Revocable at any time from GitHub settings.

Data boundaries

Analysis uses bounded repository signals. SlashCommand does not keep a persistent mirror of your repository.

What SlashCommand reads

  • Pull request metadata — title, author, labels, status
  • File paths and diff statistics
  • GitHub diff content in selected review and approval flows
  • Commit SHAs and branch references
  • CI/CD check status (pass / fail)
  • Dependency manifests (package.json, etc.)

What SlashCommand does not do

  • Keep a persistent mirror of your full repository
  • Access repositories you have not granted
  • Retain long-lived access tokens
  • Enable merge or broader write lanes without separate proof and policy gates
  • Sell or commercially share your data

Infrastructure providers operate the service on our behalf. We do not sell or transfer customer data to any third party.

Security & infrastructure

Deployed on managed cloud infrastructure, with tenant scoping in key product paths and no repository mirror stored in product storage or logs.

Infrastructure

  • Google Cloud Platform — managed compute and storage
  • EU-based build and deployment infrastructure
  • Stateless containers, HTTPS enforced
  • Secrets managed via dedicated infrastructure, never in code

Data handling

  • No persistent repository mirror in product storage
  • Tenant-scoped access controls in key product paths
  • PII excluded from logs by policy
  • Logs are configured to exclude tokens, secrets, and repository content

Governance model

AI-assisted workflows operate within human-authorized boundaries.

SlashCommand is live, but high-risk operations remain outside the current automatic execution boundary while we learn from public usage.

Human authorization required

Product-initiated writes outside the current low-risk boundary require explicit human approval. The currently proved low-risk lanes are governed repository labeling and governed repository comments; broader actions remain separately gated.

Evidence-based merge policy

Merge automation is not shipped. Any future merge lane requires risk classification, verification evidence, branch protection proof, human authorization, and explicit user feedback before widening.

Scope validation at the API layer

Every operation is validated against your active GitHub App binding. Operations outside your granted repository scope are blocked before execution.
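The access model, the proved low-risk lanes and the scope validation step described above, as an added example that is not SlashCommand's own code. It assumes the installation id, granted repositories, token and expiry come from GitHub's installation-token response; the names `InstallationBinding`, `authorize`, `LOW_RISK_ACTIONS` and the sample values are hypothetical, and JWT signing is left out.

```python
from dataclasses import dataclass
from typing import NamedTuple

# Hypothetical names: the binding would be filled from GitHub's installation
# token response (installation id, granted repositories, token, expires_at).
LOW_RISK_ACTIONS = frozenset({"label", "comment"})  # the proved lanes above
UNSHIPPED_ACTIONS = frozenset({"merge"})            # no merge lane exists

def app_jwt_claims(app_id: str, now: int) -> dict:
    """Claims for the RS256 app JWT that is exchanged for an installation
    token. GitHub caps exp at 10 minutes; iat is backdated 60 s so a fast
    clock does not get the JWT rejected. Signing is omitted here."""
    return {"iss": app_id, "iat": now - 60, "exp": now + 600}

@dataclass(frozen=True)
class InstallationBinding:
    installation_id: int
    repositories: frozenset  # "owner/name" values granted at installation
    token: str               # short-lived installation token
    expires_at: int          # epoch seconds taken from GitHub's response

class Decision(NamedTuple):
    allowed: bool
    reason: str

def authorize(binding: InstallationBinding, repo: str, action: str,
              now: int, human_approved: bool = False,
              skew: int = 30) -> Decision:
    """Run before any GitHub call: the token must still be live, the repo
    must be inside the installation grant, merge is never allowed, and
    anything beyond the low-risk lanes needs explicit human approval."""
    if now + skew >= binding.expires_at:
        return Decision(False, "installation token expired; mint a new one")
    if repo not in binding.repositories:
        return Decision(False, f"{repo} is outside installation "
                               f"{binding.installation_id}")
    if action in UNSHIPPED_ACTIONS:
        return Decision(False, f"{action} lane is not shipped")
    if action not in LOW_RISK_ACTIONS and not human_approved:
        return Decision(False, f"{action} requires human authorization")
    return Decision(True, f"{action} on {repo} permitted")

if __name__ == "__main__":
    # Constructed sample binding; not a real installation or token.
    b = InstallationBinding(42, frozenset({"acme/api"}), "ghs_sample", 1700003600)
    for repo, action in [("acme/api", "comment"), ("acme/api", "merge"),
                         ("acme/other", "label"), ("acme/api", "close_pr")]:
        print(repo, action, authorize(b, repo, action, now=1700000000))
```

Because `authorize` is the only path that returns the token, a caller that skips it has nothing to send to GitHub, which is the property the scope check relies on.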

Maturity

The access, data, and governance practices described above, assessed at their actual readiness: operational today, being formalized, or not yet in scope. We make no assumptions about practices not yet in place.

Operational

  • GitHub App model — short-lived tokens only
  • No persistent repository mirror stored in product data
  • Human authorization required outside the proved label/comment lanes
  • Cloud-hosted on GCP, EU-based infrastructure
  • Tenant-scoped access controls in key product paths
  • Merge automation excluded from the current product boundary

In progress

Partially implemented or being formalized

Not yet

Not in current scope

  • SOC 2 / ISO 27001 certification
  • Formal penetration testing
  • SSO / SCIM provisioning
  • Data Processing Agreement (DPA)

Evaluator questions

Questions raised most often during security reviews and procurement evaluations.

Can I limit which repositories SlashCommand accesses?

Yes. During GitHub App installation, you choose between all repositories or specific ones. You can change this at any time from GitHub settings — no action required from SlashCommand.

Does SlashCommand store my source code?

SlashCommand does not keep a persistent mirror of your repository. It reads bounded repository signals such as PR metadata, file paths and diff statistics; in selected review or approval flows it may also handle the GitHub diff content needed to prepare or evidence an action.

What happens if I disconnect the GitHub App?

All product features depending on repo access stop immediately. Your account and settings remain intact and you can reconnect at any time.

Can SlashCommand merge pull requests without my approval?

No. Merge automation is not shipped. Any future merge lane requires risk classification, verification evidence, branch protection proof, human authorization, and explicit user feedback before widening.

Where is my data hosted?

Google Cloud Platform, EU-based infrastructure. Secrets are managed via dedicated infrastructure and are never stored in code or version control.

Is SlashCommand SOC 2 or ISO 27001 certified?

No. We have not pursued formal security certifications. We do not claim or imply compliance with any certification standard.

Continue the review

This page summarizes our current access model, security posture, and governance controls.

Additional details on any section can be provided during evaluation. Reach out directly.

Security & trust inquiries

security@slashcommand.dev

For vendor review, security questions, and trust inquiries.
