Documentation

Security & Privacy

Security Roadmap

This page is deliberately honest about what is in place today versus what is on the roadmap. Malveon does not claim certifications it has not earned.

In place today

  • OAuth-based connections you authorize and can revoke.
  • AES-256-GCM encryption of stored OAuth tokens at rest.
  • HMAC signature verification on Slack, GitHub, Jira, and Linear webhooks.
  • Per-tenant data isolation on every query.
  • Local-only source scanning in the Malviont extension (code never leaves your editor).

On the roadmap

Formal certifications such as SOC 2 are a roadmap priority. We will claim them only after a third-party audit signs them off, not before. The same applies to HMAC verification for the connections that do not yet sign by default (Microsoft Teams, Confluence, Google Docs).

If a specific control matters for your evaluation, email support@malveon.com and we will tell you exactly where it stands.