Security
Trust, infrastructure, and access
Factimonious is built for teams who connect production-adjacent systems. We treat repository content, tokens, and generated evidence as sensitive by default.
Authentication
Primary login is GitHub OAuth. Repository access is designed around durable, least-privilege GitHub App installations rather than long-lived, broad user tokens, so scopes stay narrow and access stays revocable.
Infrastructure
The product is hosted on AWS with encrypted storage for databases and objects, secrets in a managed vault, and network isolation for workers that touch repository data. Marketing and app surfaces may live on separate subdomains with their own controls.
Privacy and data handling
We apply tenant isolation in the data layer, rate limiting at the edge, and structured audit logging for security-sensitive events. Enterprise plans extend retention, export, and governance controls.
This page describes our security posture at a high level and is not a legal agreement. For contractual terms, see your order form or contact us for an enterprise security pack.