Security, privacy & transparency

Your data is valuable to you and safe with us.

Illustration of a computer with a security shield.

Data security & privacy are in our DNA

We take security and privacy seriously here at Bearer. Our values reflect on our product, on who we work with, and on how we operate. That is by design, to protect your organization, and we are proud of it.

An application icon with a padlock

Controlled access

Bearer never clones repositories nor store source code ever. Bearer processes metadata only.

A shield with a padlock

Encrypted data

Bearer does not store user authentication data. All data is encrypted when in transit and at rest.

A cloud with a padlock


Bearer infrastructure runs on Amazon Web Services. We run inside a private network, with strict access.

A computer with a padlock

Holistic security

All auth, data access, & infra providers are secure. All providers are SOC, ISO or PCI compliant.

Engineered to keep your data safe

Bearer data security diagram

Control data requests

Bearer integrates with your Source Code Management (SCM) systems (GitHub, GitLab) to scan your source code. We use static code analysis to detect engineering components (applications, external APIs, databases) processing data and trigger risk assessment workflows.

In order to keep your sensitive data inside your private network and limit the files Bearer can access, and the actions that Bearer can perform, we use a broker. The Bearer Broker is an open-source tool that acts as a proxy between Bearer and your SCM systems. 

It has a client (a Docker image deployed on your infrastructure) and a server component running on Bearer SaaS backend. The Broker client maintains an approved data list for inbound and outbound data requests. 

Only requests included in this approved list are allowed. By default, only metadata is sent to our infrastructure for processing and storing. You always have complete control over which data you are sending to Bearer.

Data request diagram

Security & privacy by design


Your data, your choice

Controlled access to data
Opt-out and data removal

Secure at every step

Secure access
Encryption in transit and at rest
Solid infrastructure
Network-level security monitoring
and protection
Secure development

Designed for your privacy

Your privacy at a glance

Build with care

Safe changes

Trustworthy people & partners

Secure access
Trusted third-party providers
Trusted payment processor
Assessed vendors

Bring the speed of DevOps to data security

Bearer helps companies processing sensitive data identify and mitigate data security risks.