Your Code Is Safe With Us

We Never Store Your Source Code

Your code is your most valuable asset. We understand that. diffray is designed from the ground up to keep your source code private and secure. Only AI agents access it during review — and then it's gone.

No Storage

Your code is never stored. Not on our servers. Not anywhere.

No Human Access

Only AI agents see your code during review. No employees ever access it.

Immediate Deletion

Code is deleted the moment the review completes. No traces left.

How We Handle Your Code

A transparent look at exactly what happens during a review

1. Temporary Clone

When a PR is opened, we create a temporary clone of your repository in an isolated container. This clone exists only in memory and on ephemeral storage.

2. AI Review

Our AI agents analyze the changes in your pull request. They look at the code, understand the context, and generate review comments. Only the AI has access to your code.

3. Complete Destruction

The moment the review is complete, the container is destroyed. The clone, any intermediate files, everything is wiped. There is no way for code to persist.

Total processing time: typically under 2 minutes. Your code exists on our infrastructure for only as long as the review takes.

Ephemeral Environment

Each review runs in a completely isolated container — created specifically for your review and fully destroyed when complete.

  • Fresh environment every time: No data from previous reviews
  • Complete isolation: Cannot access other customers' data
  • No network access: Except to GitHub and AI services
  • Immediate destruction: Container and all data wiped on completion
  • No persistent storage: No code remains after the review

What This Means For You

There is no way for code to persist between reviews or be accessed after the process ends.

Even in the unlikely event of a security breach, there would be nothing to steal — the code simply doesn't exist on our infrastructure outside of active reviews.

Your Code, Your Rights

Clear commitments about how we treat your intellectual property

Full Ownership

You retain all ownership rights to your code. Always.

No AI Training

Your code is NEVER used to train AI models. Period.

No Sharing

We NEVER share your code with other customers or third parties.

Service License Only

diffray receives a license solely to provide the review service.

About Our AI Provider

We use Claude AI through Anthropic's API. Anthropic does not train on customer data sent through their API. Your code is processed and forgotten — it never becomes part of any AI model.

GitHub App Permissions

We follow the principle of least privilege — we only request what we need.

Permission | Purpose
Contents (read) | Access changed files for review
Pull requests (read/write) | Read PR details, post review comments
Checks (read/write) | Create check runs for review status
Metadata (read) | Basic repository information

Infrastructure Security

diffray runs on AWS with enterprise-grade security:

  • VPC isolation between all components
  • Private subnets for processing workloads
  • No public access to internal services
  • Regular security patches and updates
  • SOC 2 Type II compliant infrastructure

Data Protection

Encryption

  • In transit: TLS 1.3 encryption for all connections
  • At rest: AES-256 encrypted storage for all data

Authentication

  • Secure OAuth 2.0 via GitHub
  • API keys hashed, never stored in plain text

Compliance Roadmap

Current Status

  • AWS SOC 2 Type II infrastructure
  • TLS 1.3 / AES-256 encryption
  • GDPR-compliant data handling
  • DPA available on request

Planned

  • SOC 2 Type II certification: Q4 2025
  • Penetration test by third party: Q2 2025
  • ISO 27001: 2026

Enterprise customers requiring specific compliance documentation before our SOC 2 completion can contact security@diffray.ai for a detailed security questionnaire response.

Data Flow Architecture

See exactly how your code flows through our system during a review

[Data flow diagram: PR Event; Ephemeral Container (isolated, no persistent storage); Code context (not stored); Review comments; Container Destroyed (all data wiped immediately)]

  • Repository cloned to ephemeral container (memory + temp storage)
  • Code context sent to Claude API — not stored by Anthropic
  • Review comments posted directly to GitHub PR
  • Container and all data destroyed immediately after review
  • Total processing time: typically under 2 minutes

Data We Collect

Transparency about what information we access

From GitHub

  • Repository names and metadata
  • Pull request data (during review only)
  • Review results (issues found)

From You

  • GitHub credentials (username, email, avatar)
  • Company information (if provided)
  • Support communications

Automatically

  • IP address, browser type, device data
  • Session cookies for authentication
  • Analytics data

Data Retention

What we keep and for how long

Data Type | Retention
Source code | Never stored
Review results (issues found) | 90 days (visible in dashboard)
Account data | While active + 30 days after deletion
Repository metadata | Deleted within 90 days of disconnecting

Your Rights

You have control over your data

Access

Request a copy of your data at any time

Correct

Fix inaccurate information in your account

Delete

Request deletion of your personal data

Opt Out

Unsubscribe from marketing communications

To exercise these rights, contact privacy@diffray.ai

Frequently Asked Questions

Can diffray employees see my code?

No. Code is processed automatically by AI and deleted after review. Our team does not have access to customer source code during normal operations. There's no mechanism to access it even if we wanted to.

Is my code used to train AI models?

No. Your code is never used for training AI models. We use Claude AI through Anthropic's API, which does not train on customer data. Your code is processed and forgotten.

Where is my code stored during review?

Your code is temporarily cloned into an ephemeral container that exists only for the duration of the review. This container has no persistent storage and is completely destroyed when the review completes.

What happens when I disconnect a repository?

Your repository metadata and review history are deleted within 90 days. Since we never store source code, there's nothing to delete on that front.

What happens when I delete my account?

Account data is retained for 30 days (in case you change your mind), then permanently removed along with all associated review history.

Do you sell or share code with third parties?

Absolutely not. We never share your code with anyone. The only entities that access your code are our AI agents during the review process, and they don't retain any information.

Security Questions?

Found a vulnerability? Have security concerns? We take security seriously and appreciate responsible disclosure.

Ready to Try?

Your code stays yours. We just make it better.

No code storage
No AI training
No human access