Lineman handles code and tool output for engineering teams, so security isn't a page we refresh once a year. It's part of the product. Your code passes through our service to be compressed, so how we protect that data, your account, and our infrastructure matters as much as the token savings do.
This post is a high-level look at how we approach security. The living detail, including our independent audit and the certifications we're working towards, is on the Security page.
Independently assessed
We don't just grade our own homework. Lineman is continuously assessed by an independent external security platform that covers code scanning, dependency vulnerabilities, secrets detection, cloud posture, and container image analysis across our production infrastructure. Our audit report is published and can be requested directly from the Security page.
Working towards formal certification
Our internal security programme is built around recognised information-security frameworks, and we're actively engaged with auditors to obtain formal attestation against each one. We'll update the Security page as each certification is awarded. Until then we describe them as in progress rather than claiming a status we haven't earned.
Protecting your code
The strongest data protection is not keeping data you don't need:
- Transient processing. Your code is processed in real time and discarded after the response is delivered, so there's no persistent store of your files to breach.
- Never used for training. Your content is never used to train or fine-tune models.
- Separation of concerns. Operational usage data (task types, token counts, latency) is anonymised and stored separately from any code you process.
The data-handling commitments behind these points are set out in our Privacy Policy.
Protecting your account
Around your account we maintain authentication controls and keep security logs: login events, IP addresses, API access patterns, and anomaly-detection signals. They're there to detect and respond to suspicious activity, and they protect you and the wider service. The Privacy Policy describes what we keep.
A continuous posture
Security at Lineman is ongoing work, not a finish line. We run continuous external assessment, monitor for anomalies, and treat incident response as a first-class part of operating the service. As the programme matures we'll keep the Security page current, so you can always see where things stand.
If you have a security question, a disclosure, or want to request our audit report, get in touch via contact. We take reports seriously and respond quickly.