Security

Lineman handles code and tool output for engineering teams, so security is part of the product — not a page we update once a year. Below is what we run today, what's audited by independent third parties, and which formal certifications we are working towards.

Independent security audit

Lineman is continuously assessed by Aikido Security, an external platform covering code scanning, dependency vulnerabilities, secrets detection, cloud-posture, and container image analysis across our production infrastructure. Our live audit report is published and can be requested below.

Secured by Aikido — view security audit report

Certifications in progress

Our internal security programme is built around the frameworks below, and we are actively engaged with our auditors to obtain formal attestation against each one. We'll update this page as each certification is awarded.

  • ISO/IEC 27001

    In progress

    International standard for information security management — the controls covering how we identify, treat, and monitor risk to customer data.

  • ISO/IEC 27701

    In progress

    Privacy extension to ISO 27001 — extends our information-security programme to cover personal data and the obligations of a data processor.

  • SOC 2 Type II

    In progress

    AICPA attestation covering security, availability, and confidentiality of the Lineman service over a continuous observation window.

ISO/IEC 27001 and ISO/IEC 27701 are trademarks of the International Organization for Standardization. SOC 2 is a trademark of the American Institute of Certified Public Accountants. Official certification marks will appear on this page once each audit concludes; Lineman makes no claim to current certification under these schemes.

How we protect your data

  • Encryption in transit and at rest

    All traffic to and from the Lineman API is TLS-encrypted. Customer data at rest is encrypted using cloud-provider managed keys.

  • Least-privilege access

    Engineer access to production systems is limited, role-scoped, audit-logged, and reviewed regularly.

  • No training on customer data

    Code and prompts that pass through Lineman are not used to train any model. See our privacy policy for the full data-handling terms.

  • Continuous vulnerability monitoring

    Dependencies, container images, infrastructure, and source code are continuously scanned by Aikido. Findings flow into our triage process with documented response targets.

Reporting a vulnerability

If you believe you've found a security vulnerability in Lineman, please email security@lineman.io. We acknowledge reports within one business day and will keep you updated through resolution.

Last updated: May 2026