Security
How we protect your code and data
Rams is designed with security as a core principle. Here's how we protect your code and data across all our products.
Rams for Agents (/rams)
The /rams command is the most secure option — no data ever reaches our servers:
- rams.md is a static text file with no code execution
- All processing happens in your local AI tool
- We never see your code, files, or AI responses
- No network requests during /rams usage
- No telemetry or analytics embedded in the file
Rams for CI/CD (GitHub Action)
When you use our GitHub Action for automated design review:
- Code is analyzed in memory and immediately discarded
- We never store your source code
- Only usage metrics are stored (file count, duration, score)
- Minimal GitHub permissions (read contents, write PR comments)
Data Flow (CI/CD)
1. GitHub Action triggers on pull request
2. UI files are read from your repository
3. Code is sent to our Worker API via HTTPS
4. Worker sends code to Anthropic Claude for analysis
5. Results are posted as a PR comment
6. Code is discarded immediately after analysis
Infrastructure
- All communication encrypted with TLS
- API keys hashed with SHA-256 before storage
- Row Level Security on all database tables
- Rate limiting on all API endpoints
Service Providers
- Vercel — Website hosting (SOC 2 Type II)
- Supabase — Database (SOC 2 Type II)
- Railway — Worker API (SOC 2 Type II)
- Anthropic — AI analysis (SOC 2 Type II, code not used for training)
- GitHub — CI/CD integration (SOC 2 Type II)
Compliance
- GDPR compliant
- CCPA compliant
- All infrastructure providers SOC 2 certified
Maximum Security Options
For agents: Use the /rams command — runs entirely locally in your AI tool with zero data transmitted to us.
For CI/CD: Contact us about self-hosted deployment options for enterprise customers with strict compliance requirements.
Report a Vulnerability
Found a security issue? Email rams@rams.ai — we respond within 24 hours.