ProdVerdict

Security & data handling

ProdVerdict is a deterministic contract engine. Evaluation does not use LLMs. Secrets stay in your CI runner or local environment.

What we store

The cloud dashboard stores verdict metadata only: contract name, pass/warn/fail, structured findings, and timestamps.

We do not store Stripe subscription rows, Paddle customer data, database contents, or API keys in plaintext.

Where checks run

Access checks read billing and Postgres using credentials from your GitHub Actions secrets or local shell. Data is compared in memory on your runner and discarded.

Config and migration checks scan your repository and environment variables in CI — not on ProdVerdict servers.

Fail-closed

Missing STRIPE_SECRET_KEY, DATABASE_URL, or invalid config causes exit code 2 — never a silent pass.
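
As an added example (not ProdVerdict's own code), a fail-closed configuration gate of the kind this section describes: every missing or malformed setting is reported by name, never by value, and any problem maps to exit code 2 rather than a quiet pass. The Postgres-scheme and `sk_` prefix rules are assumptions for illustration.

```python
import os
import sys
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Assumed for this example: the two variables the page names, plus a
# shape for "invalid config". Not ProdVerdict's own code.
REQUIRED_VARS = ("STRIPE_SECRET_KEY", "DATABASE_URL")
EXIT_CONFIG_ERROR = 2  # the fail-closed exit code the page documents


@dataclass
class ConfigCheck:
    ok: bool
    problems: list = field(default_factory=list)


def validate_config(env: dict) -> ConfigCheck:
    """Collect every reason the run must not proceed; empty means OK.

    All problems are gathered (not just the first) so one CI run shows
    everything that is missing. Messages name the variable, never its value.
    """
    problems = []
    values = {name: env.get(name, "").strip() for name in REQUIRED_VARS}
    for name, value in values.items():
        if not value:  # absent or whitespace-only both count as missing
            problems.append(f"{name} is missing or empty")
    if values["DATABASE_URL"]:
        scheme = urlparse(values["DATABASE_URL"]).scheme
        # Hypothetical rule: only Postgres URLs are acceptable here.
        if scheme not in ("postgres", "postgresql"):
            problems.append(f"DATABASE_URL has unsupported scheme {scheme!r}")
    key = values["STRIPE_SECRET_KEY"]
    if key and not key.startswith("sk_"):
        problems.append("STRIPE_SECRET_KEY does not look like a Stripe secret key")
    return ConfigCheck(ok=not problems, problems=problems)


def exit_code_for(check: ConfigCheck) -> int:
    # Fail closed: any config problem maps to 2, never to a quiet 0.
    return 0 if check.ok else EXIT_CONFIG_ERROR


def main() -> int:
    check = validate_config(dict(os.environ))
    for problem in check.problems:
        print(f"config error: {problem}", file=sys.stderr)
    return exit_code_for(check)


if __name__ == "__main__":
    sys.exit(main())
```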

API keys

Project API keys are stored as hashes. Rotate keys from the project setup page if compromised.