SECURITY_UPLINK:ACTIVE

ZERO_RETENTION:TRUE

TLS:1.3

TENANT_ISOLATION:ENABLED

BACKFILL_MODE:PASS_THROUGH

Zero‑Retention
Architecture

Déjà is designed as a pass‑through analysis layer: we hash what your stack traces mention and discard raw payload immediately. We never store your source code. We never ingest customer PII. We only retain deterministic proof artifacts.

NON‑GENERATIVE GUARANTEELEGAL / POLICY

No Generative Models

Terms explicitly prohibit training on customer data. Déjà performs deterministic matching only — no hallucination surface.

> MODE: DETERMINISTIC_MATCH_ENGINE

> TRAINING: DISABLED

> OUTPUT: PROVEN_FIX_REFERENCES

DATA MINIMIZATIONRETENTION

Metadata Retention Only

We retain hashes, fingerprints, and correlation evidence. Raw incident payloads are destroyed at ingestion.

normalize(payload) // in-memory

fp = sha256(normalized)

store(fp, linkage) // evidence-only

destroy(payload) // immediate

ISOLATIONTENANTS

Customer Vaults Are Isolated

Each tenant has a logically isolated vault, scoped tokens, and audit trails — enforced by policy and infrastructure.

POLICY: least_privilegeTOKEN: scopedAUDIT: immutable

Vault Architecture

> ingest → normalize → hash → validate → discard> ingest→normalize→hash→validate

CUSTOMER SYSTEMS

Observability

SentryDatadogCloudWatch

Source Control

GitHubGitLabBitbucket

DÉJÀ PROCESSING

Normalize

Paths, line numbers, and environment noise are canonicalized.

Hash

sha256 fingerprints generated in-memory.

Payload Destruction

Raw payload discarded immediately after hashing.

Validate

Gates ensure match confidence is provable.

CUSTOMER VAULT TENANT

Isolated Storage

EVIDENCE_ONLYKMS_ENCRYPTED

Tenant Controls

RBACSAML/SSOSCOPED_API_KEYS

Security Controls Overview

LIVE_CONTROLS // VERIFIEDLIVE_CONTROLS

DATA PROTECTION

> UPLINK_ENCRYPTION: TLS_1.3

Encryption in transit across all ingress and egress paths.

> AT_REST: KMS_AES_256

Evidence artifacts encrypted with tenant-scoped keys.

> RETENTION: ZERO_PAYLOAD

Raw payload discarded after hashing (pass-through processing).

ACCESS & OPERATIONS

> ACCESS: LEAST_PRIVILEGE_RBAC

Scoped tokens and role boundaries across Vault actions.

> AUDIT_LOGS: IMMUTABLE

Critical actions recorded for review, compliance, and incident forensics.

> VULN_MGMT: CONTINUOUS

Ongoing dependency scanning and security posture monitoring.

The data we do NOT touch

BOUNDARIES // NON‑NEGOTIABLEBOUNDARIES

OUT‑OF‑BOUNDS

> SOURCE_CODE_REPOSITORIES

We store fingerprints, not code. Your repositories remain yours.

> CUSTOMER_PII / USER_DATABASES

We do not ingest end-user records or application data payloads.

> ENV_VARS / SECRETS

Secrets are never collected or stored. Period.

Security review ready.

We'll walk your security team through access scopes, retention behavior, tenant isolation, and evidence storage. Bring your questionnaire — we'll bring the proof.

Contact Security Team View Privacy Policy

Zero‑RetentionArchitecture