Effective Date: January 27, 2025

Keeping your database environments and source code secure is critically important to us. If you discover a vulnerability, please report it to security@tembo.io.

Certifications

Tembo is SOC 2 Type 1 certified and commits to annual third-party penetration testing to ensure the highest security standards.

Infrastructure Security

Tembo’s infrastructure is built on trusted subprocessors, each serving a specific role in our system:

| Subprocessor | Purpose | Details |
| AWS | Front-end and API infrastructure | US-based hosting |
| Tembo Cloud | System metadata storage | Secure metadata management |
| Anthropic | AI models | Zero data retention agreement |
| LangFuse | AI process tracing | Observability and monitoring |
| Sentry | Exception tracking | Error monitoring and debugging |
| Stripe | Billing | Payment processing |
| Clerk | Authentication | User authentication and management |

Security Practices

  • No infrastructure in China - All infrastructure is located in trusted regions
  • Least-privilege access - Access is granted on a need-to-know basis
  • Multi-factor authentication - Required for all AWS access
  • Network-level controls - Protected by network segmentation and firewalls
  • Secrets-based access - Secure credential management and rotation

AI Requests and Data

When you use Tembo, AI requests include context such as viewed files and conversation history. Code data is sent to our AWS infrastructure for processing. Important: You own all the code generated by Tembo.

Account Deletion

You can delete your account at any time through the Settings dashboard. When you delete your account:
  • Complete data removal occurs within 30 days
  • Deleted data will not be used in future model training
  • All associated repositories and integrations are disconnected

Vulnerability Disclosure

We take security reports seriously and follow a responsible disclosure process:
  1. Acknowledgment - We acknowledge reports within 5 business days
  2. Investigation - Our security team investigates the reported vulnerability
  3. Resolution - We work to resolve confirmed vulnerabilities promptly
  4. Disclosure - Results are published on our GitHub security page

Critical Incidents

In the event of a critical security incident, we will:
  • Communicate via GitHub security advisories
  • Send email notifications to affected users
  • Provide detailed information about the incident and remediation steps

Contact

For security concerns or vulnerability reports, please contact us at security@tembo.io.