Security & Privacy Policy

Your code is your intellectual property. Here's exactly how we handle it.

πŸ›‘οΈ Our Core Principles

1. Minimal Access

Our GitHub App requests read-only access to code content. We cannot:

  • Modify your code
  • Create or delete files
  • Access other repositories you haven't authorized
  • See your private tokens or secrets

2. Temporary Processing

When you trigger an audit:

  1. Your code is downloaded to a secure, isolated analysis environment
  2. Analysis tools (Slither, Mythril) run in memory
  3. Results are extracted and saved to our database
  4. Source code is immediately deleted (within seconds)

3. Zero Data Retention

We DO store:

  • Audit results (vulnerabilities found, severity, line numbers)
  • Gas optimization suggestions
  • Audit metadata (timestamp, repository name, commit SHA)

We DO NOT store:

  • Your source code
  • Environment variables or secrets
  • Dependencies or full project structure

πŸ—οΈ Technical Architecture

Data Flow Diagram:

  1. GitHub Webhook Trigger: a pull request comment triggers the audit request
  2. Temporary Download: the full repository is cloned to an isolated environment (RAM only, no disk storage)
  3. Static Analysis: Slither + Mythril + custom heuristics run in memory
  4. Extract Results: vulnerabilities, gas metrics, and suggestions are saved to the database
  5. Delete Source Code: all source files are permanently deleted from our servers
  6. Post Summary to GitHub: the audit summary is posted as a PR comment with a link to the full report on solidityprism.dev
  7. View Full Report (optional): the developer clicks the link to view the detailed analysis, code examples, and recommendations on solidityprism.dev

Security Guarantee

Code retention time: 1 to 10 minutes

Your source code exists in memory only during analysis and is immediately purged. Zero permanent storage.

📊 See Real Results

Don't take our word for it. Check out actual audit reports showing vulnerabilities found and gas optimizations suggested.

View Showcase Reports →

📋 Compliance

Smart Contract Audit Standard

We follow best practices from established Web3 security firms like Trail of Bits and OpenZeppelin: read-only access, zero code storage, and immediate deletion after analysis.

Zero Code Storage & User Control

Your code is never permanently stored. You can request deletion anytime, revoke access instantly, and maintain full control over your intellectual property globally.

🏒 Enterprise Self-Hosted Option

For organizations with strict data residency requirements, we offer a self-hosted deployment where:

  • All analysis happens on your infrastructure
  • Zero data leaves your network
  • Full control over data retention policies
  • Dedicated support and custom integrations

Request Enterprise Information

📊 How We Compare

Solidity Prism is a comprehensive pre-audit tool for developers: security vulnerability detection and gas optimization analysis in one platform. It is designed for continuous development workflows and rapid iteration, not as a replacement for professional audits, but as an essential step before them.

Security Practice    | Solidity Prism                 | Industry Standard
Code Access Type     | ✅ Read-only                   | ✅ Read-only
Source Code Storage  | ✅ Zero (deleted immediately)  | ⚠️ Variable (some tools cache)
User Control         | ✅ Revocable anytime           | ✅ Revocable anytime
Third-Party Sharing  | ✅ Never                       | ✅ Never (reputable tools)
Self-Hosted Option   | ✅ Available (Enterprise)      | ⚠️ Rare

Important Disclaimer: Solidity Prism is a powerful pre-audit and continuous development tool, not a substitute for professional security audits. The results are intended to help you catch common issues and optimize gas costs quickly during development, but Solidity Prism cannot be held responsible for any bugs, vulnerabilities, or errors introduced or missed as a result of following suggestions.

Our engine leverages industry-leading tools like Slither and Mythril, and uses advanced AI-driven formatting for clarity and actionable advice. However, all automated analysis tools can overlook very complex or novel vulnerabilities, and although our AI layer is designed for maximal precision, it may very rarely hallucinate or misinterpret findings (we've minimized this through extensive prompt engineering and validation).

Always perform your own code review and engage professional auditors before mainnet deployment. Solidity Prism is an assistant, not a replacement for human expertise or final responsibility.

❓ Security FAQ

What if Solidity Prism is hacked?

Since we don't store source code, there's nothing for attackers to steal. Our database contains only audit results (publicly visible findings like "reentrancy vulnerability on line 42"). Your intellectual property is never at risk.

Do you use my code to train AI models?

No. Your code is never used for training, fine-tuning, or any other machine learning purpose. Analysis relies purely on rule-based checks and symbolic execution.

How do I revoke access?

Solidity Prism runs as a GitHub Action in your repository. To revoke access:

  1. Delete the workflow file: In your repository, delete .github/workflows/solidity_prism.yml and commit the change. This immediately stops all audits.
  2. Remove the secret (optional): Go to your repository Settings → Secrets and variables → Actions, find PRISM_ACTION_SECRET, and click Remove.
  3. Deactivate in dashboard (optional): Log in to your Solidity Prism dashboard and deactivate the repository.

See our full uninstallation guide for detailed instructions.

Still Have Questions?

We're happy to discuss our security practices in detail.

Open an Issue on GitHub