Security & Privacy

Scitor is designed with security and privacy at its core. Your customer data stays within your GitHub repository and Scitor’s secure infrastructure β€” it’s never shared with third parties, never used for training, and always under your control.

Data handling

What Scitor stores

Data Where Purpose
Email metadata (sender, subject) GitHub Issue body Displayed to your support team
Email body GitHub Issue body Full email content for team review
Attachments Cloud storage (R2) Linked from the issue body
Blocked sender hashes Scitor database SHA-256 hashes only β€” original emails not stored
Contact profiles Scitor database (Enterprise) Tags, notes, company, interaction history
CSAT responses Scitor database Rating and optional comment
Suggestion votes Scitor database Anonymous hash of voter identity
Support metrics Scitor database Daily counts of inbound/outbound/forms

What Scitor does NOT store

  • Email content after processing β€” once the GitHub Issue is created, Scitor does not retain a copy of the email
  • Plain-text email addresses for blocked senders β€” only SHA-256 hashes are stored
  • Voting identity β€” suggestion votes are stored as anonymous hashes, not personal information
  • AI analysis input β€” email content is analyzed in real-time and not persisted by the AI service

AI privacy

Scitor’s AI analysis runs entirely on Cloudflare Workers AI β€” within Cloudflare’s infrastructure, not through external AI services like OpenAI or Anthropic.

  • Email content is only used for the current analysis request
  • Content is truncated to 16,000 characters before analysis
  • Control characters and potential prompt injections are sanitized
  • No data is sent to third-party AI services
  • No data is used for model training

Tip

If your organization requires that email content is never processed by any AI system, you can disable AI analysis entirely:

ai: false

Email security

Inbound

  • Emails are received via a secure email provider (SendGrid) with SPF/DKIM verification
  • Each repository gets a unique, random inbound email address β€” not guessable
  • Spam scoring is applied to every email automatically
  • Blocked senders are checked before any processing occurs

Outbound

  • Outbound emails are sent through Postmark or SendGrid with full email authentication
  • Custom sender domains require SPF, DKIM, and DMARC verification before use
  • Unsubscribe headers are included in every outbound email (CAN-SPAM compliant)
  • Survey links use unique cryptographic tokens with 30-day expiry

Form security

Web forms and docs contact forms include multiple layers of protection:

  • Honeypot field β€” catches automated bots without affecting real users
  • Cloudflare Turnstile β€” privacy-preserving CAPTCHA alternative (no tracking cookies)
  • Rate limiting β€” 10 submissions per IP per hour, 5 per email per hour
  • Input validation β€” all form inputs are validated and sanitized server-side

Data isolation

  • All data is scoped to your GitHub App installation
  • No data is shared across organizations or repositories
  • Contact database, CSAT data, and suggestion votes are isolated per installation
  • Block lists are per-installation

Infrastructure

Scitor runs on Cloudflare Workers β€” a globally distributed, edge-computing platform:

  • Requests are processed at the Cloudflare edge location nearest to the sender
  • Data at rest is stored in Cloudflare D1 (SQLite), R2 (object storage), and KV (key-value)
  • All connections use HTTPS/TLS
  • No self-hosted infrastructure to maintain or secure

GitHub permissions

Scitor requests only the permissions it needs:

Permission Access Purpose
Issues Read & Write Create issues from emails, post comments, manage labels
Discussions Read & Write Create discussions, post comments (when configured)
Contents Read Read docs folder for knowledge base, read saved reply templates
Metadata Read Repository metadata for configuration

Info

Scitor does not request access to your code, pull requests, actions, or any other repository content beyond what’s needed for support operations.

Compliance considerations

  • GDPR: Customer email addresses can be hashed (blocked senders) or stored only within your GitHub repository (which you control). Contact database data can be deleted by removing the contact. AI processing has no data retention.
  • CAN-SPAM: All outbound emails include unsubscribe headers and honor unsubscribe requests automatically.
  • Data portability: All support data lives in your GitHub repository as Issues/Discussions β€” you own it and can export it at any time using GitHub’s standard tools.

Related Articles

Blocked Senders Block specific email addresses from creating issues in your repository. Contact Database Automatically build a contact database from inbound emails with tags, notes, and company tracking. Spam Detection How Scitor identifies and labels potential spam emails.

Scitor β€” Turn GitHub into your support platform

Can't find what you're looking for?

Send us a message and we'll get back to you.

↡ to select Β· ↑↓ to navigate Β· esc to close