Documentation

Security & Privacy

Data Handling

Malveon is a context layer, not a copy of your tools. This page is the plain account of what it reads, what it stores, and what it deliberately does not touch.

What Malveon reads

Malveon reads metadata over OAuth: pull request titles and statuses, task and issue state, deploy and incident events, message and discussion content in the channels you select. It reads what it needs to assemble context and no more.


What it does not touch

  • It does not read or transmit your source code. The Malviont Deploy Safety scanner runs locally in your editor; only file paths and environment-variable names leave the extension, never the code itself.
  • It does not write to your tools unless you ask it to (creating an issue, posting a notification, exporting a decision).
  • It does not require an agent or proxy on your infrastructure.

Tenant isolation

Every query is scoped to your company. You only ever see your own team’s data. The leadership portfolio view enforces this twice: once in the query and once with an assertion after the read.