Security, Compliance & Transparency

Your data is valuable to you and safe with us

Customers, data & transparency are at our core

Athenian has a customer-first, data-centric and transparent culture of high standards.

Our values are reflected in our product, in how we operate and in those we choose to work with.

We value the quality, security & privacy of your data as much as you do.
That is by design and we are proud of it.

Engineered to keep you safe

Sane Permissions

You choose which repositories and Jira projects Athenian tracks.

Athenian asks only for the essential permissions.

Safe Code

Athenian calculates metrics from the metadata.

Athenian never clones repositories nor stores source code.

Fully Encrypted

All data is encrypted when in transit and at rest.

Athenian does not store user authentication data.


Cloud based

Athenian infrastructure runs on Google Cloud Platform.

We run the latest patches, inside a private network, with strict access permissions.

Holistic Security

All auth, data access & infra providers are secure.

All providers are SOC 1/2/3, ISO27001 and/or PCI compliant.

Secure, compliant and transparent, inside out


Your data is secure at every step

Data confidentiality goes further than technology. It is about choice, transparency and responsibility.

We only request what is needed, and always let you know beforehand. You choose what to share, and can always opt out.

We process & store as little data as possible to provide you with a great product. When we must do so, we keep it truly secured and isolated.

Your data, your choice

  • Choice and consent
    We obtain your consent prior to any data collection (see our Terms of Service) and privacy is fully respected (see our Privacy Policy).
  • Responsible permissions
    You choose which repositories and projects to opt in & out.
    We only have read permissions, never write.
    We only request permissions that are essential.
  • No source code
    We do not use your source code, nor clone or store code repositories.
    We only use metadata to calculate your metrics and filter out any code that may be there.
  • Opt-out and data removal
    You can opt repositories or projects out at any point.
    Athenian purges or archives data according to customer requests or legal and regulatory mandates.

Secure and confidential

  • Secure access
    Users identify & authenticate via Auth0 (ISO 27001, SOC 2, PCI) using GitHub (2FA, SOC 1/2/3, PCI) or SAML. We don't store any personal information.
  • Encryption in transit and at rest
    All data in transit is encrypted using TLS.
    All data is stored using AES-256 or better, with encrypted & rotated symmetric keys.
  • Solid infrastructure
    Athenian runs on Google Cloud Platform (ISO 27001, SOC 1/2/3, PCI). The environment is isolated and firewalled, IP-filtered, VPC/VPN with ACL. Instances are always up to date, and configured with scalability, redundancy & backups.
  • Confidential and isolated
    All customer data is at the strictest level of our internal Data Classification Policy.
    Your data is never used for development: we use mock & our own data in isolated dev & QA environments.

Built with care and transparency

Contexts change, your problems evolve. So do their solutions in our product.

We rely on a rigorous process to deliver the features you need while keeping new bugs at bay. And we act swiftly when necessary.

Our transparency puts you on top of things from day one. We want your partnership to build you a great product.

Built with care

  • Safe changes
    Prior to reaching production, changes are made in code branches and go through code review, testing, CI/CD and QA steps, involving multiple people and separate environments with no customer data.
  • Traceability
    We version-control our source code and infrastructure via Git & GitHub and have logs of the versions and individuals involved.
  • Reliability
    Incidents are communicated, logged and tracked down to resolution via a priority workflow; rollback procedures are available.
  • Vulnerabilities
    Monitored internally by the team and automation (Vanta, Snyk, GCP Container Analysis, Dependabot, Semgrep and more) and externally via independent penetration testing and according to our Vulnerability Disclosure Policy.

Transparency from day one


Trust from every perspective

Secure systems, reliable product, responsible procedures and transparent terms are invaluable means to build and maintain trust.

Yet ultimate trust only comes when you know you can trust the people standing behind an organization and its product.

We at Athenian take extra steps to ensure that these high standards are upheld internally as well as by those we work with and rely upon to deliver you the product you truly trust.

People you can trust

  • Leadership
    The executives of Athenian are directly involved in security & compliance to ensure we stand by our values in practice.
  • Team
    Team members are screened for our values, background-checked, sign confidentiality agreements on hire and must follow strict policies on digital and physical information security; violations may lead up to termination.
  • Permissions
    Strict policies provide access on a least-permissions, per-role basis. They are reviewed and revoked on a regular schedule and per event.
  • Secure access
    The company provides secure workstations, security training, and best practices to the team. 2SV-enabled G Suite SSO ensures identity & authentication.

World-class partners

  • Trusted third-party providers
    Auth0 (ISO 27001, SOC 2, PCI).
    Google Cloud (ISO 27001, SOC 1/2/3, PCI).
    GitHub (SOC 1/2/3, PCI).
    Atlassian (SOC, ISO 27001, PCI).
  • Trusted payment processor
    Stripe (PCI certified, TLS encrypted).
    No payment information is ever stored by Athenian.
  • Vendor assessment
    All vendors and providers are individually filtered based on their reputation, security, data permissions and risk added or mitigated.