UptoDocs

Security & Trust

This page explains how Docify handles permissions, data, and AI usage.

Docify is designed to meet the expectations of security-conscious teams and enterprise reviewers.


Permissions Used

Docify requests only the permissions required to function safely.

Repository Permissions

  • Contents (Read & Write)
    Used to read code and documentation and propose documentation changes via pull requests.

  • Pull Requests (Read & Write)
    Used to open and update documentation pull requests.

  • Issues (Write)
    Used for optional notifications (e.g. drift reports, upgrade notices).

  • Metadata (Read)
    Required by GitHub for basic repository access.

Docify does not request:

  • Admin permissions
  • Secrets access
  • Workflow execution permissions
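
A reviewer can check the permission lists above against what an installation was actually granted. The following is an added example, not Docify's own code: it audits the `permissions` object GitHub returns for an app installation. The mapping of "Admin", "Secrets" and "Workflow execution" to the keys `administration`, `secrets`, `actions` and `workflows` is an assumption, and the sample grants are constructed.

```python
# Added example: audit the permissions GitHub reports for an app installation.
LEVEL = {"read": 1, "write": 2, "admin": 3}

# Maximum access per permission, taken from the list on this page.
DECLARED = {
    "contents": "write",
    "pull_requests": "write",
    "issues": "write",
    "metadata": "read",
}

# Assumed mapping of "Admin", "Secrets" and "Workflow execution" to GitHub
# App permission keys; adjust if your review uses a different mapping.
FORBIDDEN = {"administration", "secrets", "actions", "workflows"}


def audit_permissions(granted):
    """Return a sorted list of findings; an empty list means the grant matches."""
    findings = []
    for name, level in granted.items():
        if name in FORBIDDEN:
            findings.append(f"{name}: {level} granted, page says never requested")
        elif name not in DECLARED:
            findings.append(f"{name}: {level} granted, not listed on the page")
        elif LEVEL.get(level, 99) > LEVEL[DECLARED[name]]:
            # Unknown level strings map to 99, so they are flagged (fail closed).
            findings.append(f"{name}: {level} exceeds declared {DECLARED[name]}")
    return sorted(findings)


# Constructed samples shaped like the "permissions" object of an installation.
MATCHING = {"contents": "write", "pull_requests": "write",
            "issues": "write", "metadata": "read"}
EXCESSIVE = {"contents": "write", "metadata": "read",
             "workflows": "write", "members": "read"}

if __name__ == "__main__":
    for label, sample in (("matching", MATCHING), ("excessive", EXCESSIVE)):
        result = audit_permissions(sample)
        print(label, "->", result or "OK")
```

Run it again after any app upgrade that asks for re-approval, since the granted set can change at that point.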

No Code Execution

Docify never executes your code.

  • No builds
  • No test runs
  • No scripts
  • No containers
  • No CI integration required

All analysis is static and read-only.


No Auto-Merging

Docify never merges pull requests.

Every documentation change:

  • Is proposed via a pull request
  • Requires explicit human approval
  • Can be edited, rejected, or closed

This is a strict design rule.


Data Handling

Docify operates primarily in real time.

  • Repository content is read only when needed
  • Data is processed transiently to generate diffs and documentation
  • No full repository snapshots are stored long-term

Docify does not:

  • Persist your source code
  • Maintain a shadow copy of your repository
  • Replicate your documentation outside GitHub

AI Usage Policy

Docify uses AI sparingly and conservatively.

AI may be used for:

  • Improving phrasing of documentation text
  • Explaining code changes in plain language
  • Filling small, structured documentation templates

AI is never used to:

  • Decide what changed in your code
  • Invent features or APIs
  • Rewrite large documentation sections
  • Merge changes automatically

All AI-generated content is:

  • Reviewable
  • Scoped
  • Optional

What Is Never Stored

Docify never stores:

  • Repository secrets
  • Environment variables
  • Runtime credentials
  • Production data
  • Private keys
  • Long-term code archives

Billing and identity are handled entirely by GitHub Marketplace.


Summary

  • Minimal permissions
  • No code execution
  • No auto-merging
  • Conservative AI usage
  • No sensitive data storage

Docify is designed to be easy to approve in security reviews.

If you have additional security questions, contact us before installing.
