Security

How we protect your code and data

Rams is designed with security as a core principle. Here's how we protect your code and data across all our products.

Rams for Agents (/rams)

The /rams command is the most secure option — no data ever reaches our servers:

  • rams.md is a static text file with no code execution
  • All processing happens in your local AI tool
  • We never see your code, files, or AI responses
  • No network requests during /rams usage
  • No telemetry or analytics embedded in the file

Rams GitHub App

When you install the Rams GitHub App for automated design reviews:

  • Minimal permissions: read repository contents and write pull request reviews
  • We only access files changed in the pull request, not your entire repo
  • Code is analyzed in memory and immediately discarded after review
  • We never store your source code — only review metadata (score, issue count, duration)
  • You choose which repositories to enable — we never review repos you haven't opted in to

How a Review Works

  1. You open or update a pull request on an enabled repository
  2. GitHub sends a webhook to Rams with the PR metadata
  3. Rams fetches the changed UI files using a short-lived installation token
  4. Files are sent to our review engine and analyzed by Anthropic Claude
  5. A scored review with inline fix suggestions is posted directly on the PR
  6. Source code is discarded immediately — nothing is stored

Infrastructure

  • All communication encrypted with TLS
  • GitHub App tokens are short-lived and scoped to a single installation
  • Row Level Security on all database tables
  • Rate limiting on all API endpoints

Service Providers

  • Vercel — Website hosting (SOC 2 Type II)
  • Supabase — Database (SOC 2 Type II)
  • Railway — Worker API (SOC 2 Type II)
  • Anthropic — AI analysis (SOC 2 Type II, code not used for training)
  • GitHub — CI/CD integration (SOC 2 Type II)

Compliance

  • GDPR compliant
  • CCPA compliant
  • All infrastructure providers SOC 2 certified

Maximum Security Options

For local use: Use the /rams skill — runs entirely locally in your AI editor with zero data transmitted to us.

For enterprise: Contact us about self-hosted deployment options for teams with strict compliance requirements.

Report a Vulnerability

Found a security issue? Email rams@rams.ai — we respond within 24 hours.

HSLA0001 Inc.