Your codebase. Your control.

Meridian is built code-first with security at every layer.

SOC 2 Type II | GDPR | HIPAA-ready | ISO 27001

Security principles

Diffs, not source

We analyze pull request diffs only. Your full source code never leaves your environment.

Zero retention

Code snippets are processed in memory and never persisted to our storage.

End-to-end encryption

All data is encrypted in transit (TLS 1.3) and at rest (AES-256).

Permissions-first

Meridian respects your existing GitHub/GitLab repository permissions exactly.

How we keep your data safe

  • End-to-end encryption (TLS 1.3 in transit, AES-256 at rest)
  • Zero-knowledge architecture — we never see your source code
  • Continuous monitoring and real-time threat detection
  • Role-based access controls and audit logging
  • Regular third-party penetration testing
  • Automatic key rotation with dedicated KMS
Code Diffs: Encrypted
Permissions: Synced
Audit Trail: Logged

Independently verified

SOC 2 Type II

Independently verified security, availability, and confidentiality controls with continuous monitoring.

GDPR

Full compliance with the EU General Data Protection Regulation. Data processing agreements available.

HIPAA-ready

Compliant safeguards for protected health information in healthcare engineering environments.

ISO 27001

Information security management system aligned with international standards.

Questions? Talk to our security team.

Powerful enough to review your code. Safe enough to trust it.