Last Updated: June 4, 2026
1. Our Commitment to Security
Security is a top priority at SnowCoder. We implement comprehensive security controls to protect your data, your ServiceNow credentials, and the integrity of our platform. This page describes the controls and standards we operate against today.
2. Commercial guarantees, in plain English
The four operating principles below are not engineering trade-offs - they are guarantees we make to every customer. They are how SnowCoder behaves by design.
Per-tenant isolation: Each customer has their own ServiceNow instance record. The credentials we hold are encrypted at rest with a per-record salt - even if the database were breached, the passwords aren’t readable as plain text.
Two clearly separated lanes: Humans work interactively in Yeti Chat; AI agents do their work on schedules. No accidental crossover between operator actions and agentic activity.
Destructive-change confirmation: “Looks like it deployed” isn’t enough. Every destructive operation comes back to a human for explicit approval; every deploy is confirmed with no surprise deletions.
Token budget is a hard stop: A misbehaving agent cannot burn through your money. The budget is a hard stop, not a polite warning. The heal loop caps spend per build (HealBudget) before any retry exhausts the balance.
3. Compliance status
- GDPR: Compliant. Data Processing Agreement available. Data residency pinned to the AWS region of your choice on Enterprise plans (any EU region available).
- OWASP Top 10: All 10 categories addressed (account lockout per CWE-307, CSRF protection, input validation, encoded output).
- PCI DSS: Compliant via Stripe (PCI Level 1 certified). No card data is stored in our application.
- NIST 800-63B: Compliant (12+ character passwords, bcrypt 12 rounds, timing-safe comparison).
- SOC 2 Type II: In progress. Target: Q3 2026.
- ISO 27001:2022: 78% control implementation (73 of 93 Annex A controls). Gap assessment complete; ISMS documentation in progress. Target: Q4 2026.
Independent security audit score: 82/100 (Grade B), February 2026.
4. Data protection
- At rest: AES-256-GCM with per-record random salt and PBKDF2 key derivation (100,000 iterations). Authentication tags prevent tampering.
- In transit: TLS 1.3 minimum.
- ServiceNow credentials: encrypted before storage; decrypted in-memory only during authenticated API calls.
- AI processing: all Claude API calls routed through Cloudflare AI Gateway for audit logging, cost control, and rate limiting.
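The at-rest scheme listed above, sketched as an added example (not SnowCoder's code). The iteration count and cipher come from this page; the SHA-256 PRF, 16-byte salt, 12-byte nonce, the function names and the use of the record ID as associated data are assumptions made for illustration.

```javascript
// Added example: per-record salt + PBKDF2 + AES-256-GCM (Node.js standard library only).
const { randomBytes, pbkdf2Sync, createCipheriv, createDecipheriv } = require('node:crypto');

const ITERATIONS = 100000; // stated on the page
const KEY_LEN = 32;        // 256-bit key for AES-256

// Assumption: SHA-256 as the PBKDF2 PRF; the page does not name one.
function deriveKey(masterSecret, salt) {
  return pbkdf2Sync(masterSecret, salt, ITERATIONS, KEY_LEN, 'sha256');
}

function encryptRecord(masterSecret, plaintext, recordId) {
  const salt = randomBytes(16); // fresh salt per record, so each record gets its own key
  const iv = randomBytes(12);   // fresh nonce per encryption
  const cipher = createCipheriv('aes-256-gcm', deriveKey(masterSecret, salt), iv);
  // Assumption: bind the ciphertext to its record so it cannot be moved to another row.
  cipher.setAAD(Buffer.from(recordId));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { recordId, salt, iv, ct, tag: cipher.getAuthTag() };
}

function decryptRecord(masterSecret, rec) {
  const decipher = createDecipheriv('aes-256-gcm', deriveKey(masterSecret, rec.salt), rec.iv);
  decipher.setAAD(Buffer.from(rec.recordId));
  decipher.setAuthTag(rec.tag);
  // final() throws if the tag does not match the ciphertext, key or associated data.
  return Buffer.concat([decipher.update(rec.ct), decipher.final()]).toString('utf8');
}

// Returns the plaintext, or null when authentication fails (tampering or wrong key).
function tryDecrypt(masterSecret, rec) {
  try {
    return decryptRecord(masterSecret, rec);
  } catch {
    return null;
  }
}
```

Encrypting the same credential twice yields different salts and ciphertexts, and flipping a single ciphertext bit makes `tryDecrypt` return null instead of corrupted plaintext.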
5. OAuth 2.1 with secret rotation
All programmatic access to SnowCoder uses OAuth 2.1 with PKCE (S256 code challenge) - the same standard banks use for high-value transactions.
- Dynamic Client Registration (RFC 7591) - MCP clients self-register; no manual onboarding.
- Refresh-token rotation - every refresh issues a new access and a new refresh token. Old tokens expire immediately.
- Replay-attack detection - if a refresh token is replayed (e.g. stolen), SnowCoder revokes the entire token chain, invalidating both the legitimate token and the stolen one. The user is forced to re-authenticate.
- Granular scopes - six scopes (mcp:read, mcp:write, kb:read, projects:read / projects:write, builds:read / builds:write) so MCP clients receive only the permissions they need.
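Refresh-token rotation with replay detection, as described in the list above, shown as an added example (not SnowCoder's implementation). The class name, the in-memory maps, the token "family" identifier and storing only a SHA-256 hash of each token are assumptions for illustration.

```javascript
// Added example: rotate on every refresh; revoke the whole chain when a used token reappears.
const { randomBytes, createHash } = require('node:crypto');

const sha256 = (t) => createHash('sha256').update(t).digest('hex');
const newToken = () => randomBytes(32).toString('hex');

class RefreshTokenStore {
  constructor() {
    this.tokens = new Map();          // sha256(token) -> { familyId, used }
    this.revokedFamilies = new Set(); // chains killed after a detected replay
  }

  _mint(familyId) {
    const token = newToken();
    this.tokens.set(sha256(token), { familyId, used: false });
    return token;
  }

  // A fresh login starts a new chain (family) of refresh tokens.
  issue() {
    return this._mint(randomBytes(8).toString('hex'));
  }

  refresh(presented) {
    const rec = this.tokens.get(sha256(presented));
    if (!rec) return { ok: false, reason: 'unknown_token' };
    if (this.revokedFamilies.has(rec.familyId)) return { ok: false, reason: 'family_revoked' };
    if (rec.used) {
      // A rotated-out token came back: either the holder or a thief is replaying it.
      // The server cannot tell which, so the entire chain is revoked.
      this.revokedFamilies.add(rec.familyId);
      return { ok: false, reason: 'replay_detected' };
    }
    rec.used = true; // the old token is dead as soon as it is exchanged
    return { ok: true, accessToken: newToken(), refreshToken: this._mint(rec.familyId) };
  }
}
```

After a replay, the newest token in the same chain is rejected as well, which is what forces re-authentication; chains belonging to other logins are unaffected.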
6. API keys for server-to-server access
For headless agents, scripts, or CI pipelines, SnowCoder supports bearer API keys issued from the SnowCoder UI. Each key:
- Carries the issuing user’s identity and project scope.
- Format sk_live_<22-char-prefix>.<32-char-secret> - only the prefix is stored after creation.
- Can be revoked instantly from the UI; revocation is effective on the next request.
- Has an optional allow_auto_approve toggle for unattended build pipelines.
- All requests are audit-logged with user, IP, and key identifier.
7. Edge & infrastructure security
- Cloudflare Zero Trust with JWKS JWT verification for admin access.
- Cloudflare WAF with OWASP rules.
- Cloudflare Turnstile (bot protection, fail-closed).
- Cloudflare DDoS protection (L3-L7).
- DNSSEC enabled.
- Admin layers: email whitelist + IP whitelist + rate limiting + comprehensive audit logging.
- Infrastructure: AWS with VPC isolation, deployed in the region of your choice. EU Sovereign option available for customers needing zero cross-border AI transfers.
8. What we log
Every privileged action - admin login, configuration change, build approval, deploy, ServiceNow credential change - is logged with:
- User identity (or API key identifier)
- IP address + timestamp
- The action performed and target object
Logs are immutable and retained for 90 days (longer on enterprise plans). Available for export via the SnowCoder UI or programmatically via MCP.
9. Security Assurance Pack
We maintain a detailed Security Assurance Pack that documents our security architecture, controls, policies, and compliance measures. This document covers:
- Infrastructure and architecture security
- Data protection and encryption practices
- Authentication and access control mechanisms
- Network security and monitoring
- Incident response procedures
- Compliance with industry standards
- Third-party security assessments
Need our full security questionnaire pre-filled? Most enterprise security teams ask for it. We have one ready. Reply to [email protected] - we send it the same day.
Penetration test summary, DPA, SOC 2 Type I auditor report (under NDA), control matrix, vulnerability disclosure policy - all available on request.
10. Contact
11. Reporting security issues
If you discover a security vulnerability, please report it responsibly to [email protected]. We take all security reports seriously and will respond promptly.