Security First

Built for teams that take security seriously

WhyDit is designed with privacy-first principles from the ground up. Your decisions stay yours.

We read only what you choose to share

WhyDit reads ticket titles and descriptions from tools you connect. These are the same fields your team already types into Linear or Jira. We never read code, diffs, file contents, or communications.

AI suggests. Humans confirm.

Every AI-generated decision shows a confidence score. Nothing is treated as truth until a team member confirms it. Full audit trail of who confirmed what and when.

Don't want AI? Turn it off.

Privacy Mode disables AI entirely. Your team captures context manually. Nothing is sent to any AI provider. Togglable per workspace at any time.

Bring your own Anthropic key

Enterprise teams can use their own Anthropic API key. AI calls go directly from your system to Anthropic — WhyDit never sees the content.

Enterprise-grade infrastructure

Encryption

  • TLS 1.2+ in transit
  • AES-256 at rest
  • OAuth tokens encrypted before storage
  • No plaintext secrets anywhere

Compliance

  • Neon (database): SOC 2 Type II
  • Vercel (hosting): SOC 2 Type II
  • Anthropic API: No training on API data

Access control

  • OAuth-based tool connections
  • Workspace-scoped data isolation
  • Admin roles for decision management
  • Audit log of all connections

SOC2 Type II Compliant
GDPR Data Privacy
HIPAA Ready
ISO 27001 Stds

Security FAQ

What data does WhyDit send to Anthropic?

Only the ticket/issue title and description — the same text already visible to every member of your workspace. Never code, diffs, or file contents. Anthropic's API policy prohibits using API data for model training.

Can I use WhyDit without AI?

Yes. Privacy Mode disables all AI calls. Your team captures context manually. Nothing leaves your workspace. Toggle it in workspace settings at any time.

Where is my data stored?

In a Neon PostgreSQL database (SOC 2 Type II) in your chosen region. You can export all your decisions as CSV at any time from your dashboard.

What happens if I disconnect a tool?

Your decisions remain in your WhyDit dashboard. Disconnecting a tool removes the OAuth connection — it does not delete historical decisions. You can delete decisions individually or export and delete your entire workspace.

What if WhyDit shuts down?

All your data is exportable as CSV from your dashboard at any time. Your decisions are yours — not stored in a proprietary format you can't access.

Who at WhyDit can access my data?

Only for support purposes when explicitly requested by a workspace admin. We do not access customer data by default.

Is there a self-hosted option?

Not yet. Contact ship@whydit.com if self-hosting is a requirement for your organisation — it's on our roadmap.

How do I report a security vulnerability?

Email ship@whydit.com with subject [SECURITY]. We respond within 48 hours. See our full security policy at whydit.com/legal/security.

Have a specific security requirement?

We work with security teams on enterprise evaluations. Get in touch.