Security & Compliance

Security and compliance for governed AI coding

MegaBrain gives security, privacy, legal, and platform teams a clear path to evaluate AI coding — with the controls and documentation your review process expects.

Compliance & contracting

  • SOC 2 materials available during security review
  • DPA and security review materials on request
  • Subprocessor information for legal & privacy review
  • Standard MSA and enterprise contracting support

Data protection

  • Encryption in transit and at rest
  • No retention of AI prompts and outputs on paid plans
  • BYOK and approved-provider routing options
  • Data-residency and dedicated proxy gateway options

Access controls

  • SSO / SAML and OIDC
  • SCIM provisioning and deprovisioning
  • Role-based access control (RBAC)
  • Provider and model allowlists by organization policy

Operations & response

  • Audit logs for governed rollout and investigation
  • Incident response and customer-notification workflows
  • SLA commitments and priority support
  • Compliance artifacts kept current for review

What buyers can validate

  • How code and prompts are handled (no training, no retention on paid plans)
  • Which providers and models your org allows, and how routes are enforced
  • How identity, provisioning, and access are managed (SSO/SCIM/RBAC)
  • What is logged for audit and how incidents are handled

Documents & next steps

Request our security review packet — SOC 2 materials, DPA, MSA, subprocessor list, data-retention policy, and an architecture overview — and we'll walk your team through evaluation.