Certifications
Tembo is SOC 2 Type II compliant. We commit to annual third-party penetration testing to ensure the highest security standards. We also operate under GDPR-aligned data handling practices, and HIPAA compliance is currently in progress. For more information about our compliance status, visit our Trust Center.
Infrastructure Security
Tembo’s infrastructure is built on trusted subprocessors, each serving a specific role in our system:
| Subprocessor | Purpose | Details |
|---|---|---|
| AWS | Front-end and API infrastructure | US-based hosting |
| Tembo Cloud | System metadata storage | Secure metadata management |
| Anthropic | AI models | Zero data retention agreement |
| LangFuse | AI process tracing | Observability and monitoring |
| Sentry | Exception tracking | Error monitoring and debugging |
| Stripe | Billing | Payment processing |
| Clerk | Authentication | User authentication and management |
Security Practices
- No infrastructure in China - All infrastructure is located in trusted regions
- Least-privilege access - Access is granted on a need-to-know basis
- Multi-factor authentication - Required for all AWS access
- Network-level controls - Protected by network segmentation and firewalls
- Secrets-based access - Secure credential management and rotation
AI Requests and Data
Code and Repository Data
Tembo does not store your code long-term. When Tembo runs a task, it spins up an isolated sandbox environment, pulls only the repository context needed for the task, performs the work, opens a PR, and the environment is discarded afterwards. Full copies of customer repositories are not retained in persistent storage.
- All data is encrypted in transit and at rest
- Access is tightly controlled and logged
Chat and Interaction Data
Chat messages and text used in interactions with Tembo are stored more persistently to enable conversation history and task continuity. We recommend avoiding including any PII or sensitive data (such as patient information, credentials, or personal identifiers) in issues, chat messages, logs, and repositories regardless of tooling — this is best practice across the stack.
Important: You own all the code generated by Tembo.
Account Deletion
You can delete your account at any time through the Settings dashboard. When you delete your account:
- Complete data removal occurs within 30 days
- Deleted data will not be used in future model training
- All associated repositories and integrations are disconnected
Vulnerability Disclosure
We take security reports seriously and follow a responsible disclosure process:
- Acknowledgment - We acknowledge reports within 5 business days
- Investigation - Our security team investigates the reported vulnerability
- Resolution - We work to resolve confirmed vulnerabilities promptly
- Disclosure - Results are published on our GitHub security page
Critical Incidents
In the event of a critical security incident, we will:
- Communicate via GitHub security advisories
- Send email notifications to affected users
- Provide detailed information about the incident and remediation steps