Skip to content
speed TrimCI
  • ← Home
  • Loss calculator
  • Why TrimCI
  • Reality report
  • Pricing
  • Sign in
  • Start free
Dark mode

Security at TrimCI

Last updated: 18 July 2026

TrimCI is built around one promise: we analyze your CI/CD pipelines without ever touching your source code. This page describes, in concrete terms, what we access, how we protect it, and where your responsibilities begin. We would rather show you specifics than badges.

1. What we never access

We never read your source code, workflow YAML files, commit diffs, or any repository file. Our GitHub App requests only two read-only permissions (Actions and repository metadata) — never repository contents. GitLab's API offers no scope that narrow, so we enforce the boundary ourselves: a runtime allowlist inside our HTTP clients rejects any request outside pipeline, job, and project-listing endpoints before it leaves our servers. Extending that allowlist requires a code change and a code review — an accidental request into repository contents is technically impossible.

2. What we do process

  • Account data: your email address and a salted password hash.
  • Pipeline metadata: run and job names, timing, durations, statuses, conclusions, branches, trigger events, and the username of the person who triggered each run.
  • Failed-job log excerpts: the last 8,000 characters of failed jobs only, stored compressed, automatically deleted after 30 days.
  • Web analytics: cookie-less, self-hosted page-view records on our own EU servers — no raw IP stored, irreversible daily-rotating visitor identifier, no third-party analytics vendor.
  • Product-milestone events: records that an account or organization reached a service milestone (e.g. first sync, first report); detached from the account on deletion.

3. Hosting and infrastructure

The service runs on Hetzner infrastructure in the European Union. The application, databases, queues and the AI model live in the same isolated environment; databases are not exposed to the public internet. Data does not leave the European Economic Area — see the sub-processor list.

4. Encryption

  • In transit: all traffic — browser to TrimCI, and TrimCI to provider APIs — uses TLS.
  • At rest: CI provider credentials (GitLab tokens) are encrypted with Fernet (AES-based) before storage; GitHub access uses short-lived installation tokens minted per request.
  • Credentials hygiene: authorization headers are redacted from logs; passwords are stored only as salted hashes.

5. AI processing — self-hosted by design

Optimization recommendations are generated by a language model hosted on our own infrastructure. Your logs and pipeline data are never sent to OpenAI, Anthropic, or any external AI provider. Before a log excerpt reaches the model, known secret formats (cloud keys, provider tokens) are redacted.

6. Access control

Every account requires email verification. Data is isolated per organization, and the organization context is validated on every request — a user can only ever see data of organizations they belong to. Management actions (connecting providers, selecting repositories, generating recommendations) are restricted to owner and admin roles.

7. Data retention and deletion

DataRetention
Failed-job log excerpts30 days, automatic permanent deletion
Pipeline metadataLife of the organization; deleted when the organization is deleted
Account dataUntil account deletion
Web analytics recordsKept as service statistics; no raw IP, irreversible visitor identifier (daily salt rotation)
Product-milestone eventsKept as service statistics; detached from the account on deletion

8. Your responsibilities

  • Grant least scope: use the read_api scope for GitLab tokens (group tokens recommended), and install the GitHub App only on the repositories you want analyzed.
  • Keep organization membership current: remove members who leave your team, and rotate provider tokens on offboarding.
  • Protect your account credentials; TrimCI will never ask for your password by email.
  • Avoid printing secrets or personal data in CI logs — log excerpts of failed jobs reach the service (with secret redaction as a safety net, not a substitute).

9. Reporting a vulnerability

If you believe you have found a security vulnerability, email office@trimci.com with "SECURITY" in the subject. We respond within 72 hours. We will not pursue legal action against good-faith research that respects user data and does not disrupt the service.

10. Compliance posture

We are GDPR-first: an EU-registered business, EU-only hosting and processing, a public Privacy Policy, a self-serve Data Processing Agreement that applies to every organization automatically, and a published sub-processor list. We do not currently hold a SOC 2 attestation — at our size we invest in the concrete measures on this page instead, and this page is kept current as the service evolves.

11. Changes and contact

Material changes to our security posture are announced to customers and reflected here with an updated date. Security questions: office@trimci.com.

© 2026 TrimCI
Features Calculator Pricing Security
Privacy Policy Terms of Service DPA Sub-processors mail office@trimci.com