Security
EU-only. No asterisks. This page is the single reference for how Codebahn protects your data. Each section links to the detailed page where the full specifics live.
Infrastructure
Section titled “Infrastructure”All infrastructure runs in the EU. Primary compute and storage on Scaleway in Paris, France. Encrypted backups on Hetzner in Falkenstein, Germany. Every sub-processor is EU-incorporated. No data leaves the EU for storage, processing, or analytics.
The company behind Codebahn is Hackerman AB, incorporated in Sweden. Swedish law governs all contracts. The US CLOUD Act does not apply: there is no US entity in the chain.
Full details: Sovereignty and data residency and Sub-processors.
Encryption
Section titled “Encryption”Data is encrypted in transit and at rest.
- In transit: TLS 1.2+ for all connections, TLS 1.3 where both endpoints support it. SSH for Git operations.
- At rest: AES-256 via Scaleway managed encryption for block storage, object storage, and managed PostgreSQL.
- Backups: Encrypted client-side with Restic before upload. Hetzner stores ciphertext only; they cannot read your data.
Authentication
Section titled “Authentication”Codebahn supports multiple authentication methods:
- Web login: Email verification codes. No password required to sign in.
- Two-factor: TOTP-based 2FA (any authenticator app).
- Git operations: SSH key authentication.
- API and CI: Scoped personal access tokens with granular permissions (e.g.
read:package,write:package). - OAuth: For integrations between Codebahn services.
Passwords, where stored, are hashed with PBKDF2 (320,000 iterations).
Tenant isolation
Section titled “Tenant isolation”Codebahn is a shared-instance multi-tenant service. Each customer is a Forgejo organization. Isolation is enforced at multiple layers:
- Private by default. All users, organizations, and repositories are private. Public repository hosting is not offered. There is no “instance-public” visibility that would leak data between tenants.
- No enumeration. Explore pages, user search, and organization search are blocked. One tenant cannot discover that another tenant exists.
- Scoped runners and variables. CI runners and variables are registered at organization scope. Global runners and global variables are not used.
- Access control. Forgejo enforces repository and organization permissions at the data layer (SQL-scoped queries). Cross-tenant API requests return 404, not 403.
CI runner isolation
Section titled “CI runner isolation”CI jobs run in ephemeral virtual machines, not shared containers.
- Kernel-level separation. Each tenant gets its own VM. A container escape compromises only that tenant’s own jobs, not other customers.
- Ephemeral lifecycle. VMs are provisioned on demand and terminated after idle timeout. No state carries between runs.
- Network controls. Runner VMs reach package registries and download hosts over HTTPS and DNS only. SSH-based git fetches, non-standard ports, and the cloud metadata endpoint (
169.254.0.0/16) are blocked. - Scoped registration. Each runner is registered to a single organization. It can only pick up jobs from that organization.
For runner specs, image contents, and compatibility details, see CI runners.
Backups and disaster recovery
Section titled “Backups and disaster recovery”Daily encrypted backups. Stored on a separate provider (Hetzner) in a separate EU region (Falkenstein, Germany) from the primary infrastructure (Scaleway, Paris). Verified weekly with tested restore procedures.
- Retention: 7 daily + 4 weekly snapshots.
- Account closure: Data remains accessible read-only for 30 days after termination. Backups rotate out within 90 days of deletion.
- Billing records: Kept for seven years, as Swedish bookkeeping law requires.
Patching
Section titled “Patching”We target applying security patches within 24 hours of upstream Forgejo release. OS-level security updates are applied automatically. Codebahn tracks Forgejo stable releases and applies fixes as they ship, not on a monthly cycle.
Data portability
Section titled “Data portability”One-click export in standard Forgejo format. The archive includes all repositories (full Git history), issues, pull requests, labels, milestones, releases, and reviews. No ticket required, no waiting period.
Full details: Exporting your data.
Vulnerability disclosure
Section titled “Vulnerability disclosure”If you find a security issue, report it to security@codebahn.net. See the full vulnerability disclosure policy for scope, response timeline, and safe harbor.
Incident response
Section titled “Incident response”When something goes wrong, we follow a structured process: detect, classify, fix, communicate, review. See incident response for the full process and communication timeline.
What we do not have yet
Section titled “What we do not have yet”We do not hold ISO 27001 or SOC 2 Type II. If your procurement requires signed audit reports today, we are not your vendor yet. We intend to pursue certification; we are not there now.
We do have a Data Processing Agreement that follows GDPR Article 28, with audit rights, breach notification within 48 hours, and sub-processor change notification.
Availability
Section titled “Availability”Service status and incident history: status.codebahn.net.
We target 99.9% monthly uptime for the Git API, web interface, and CI runner API. This is a target, not a contractual SLA with financial remedies.
Trust resources
Section titled “Trust resources”- Sovereignty and data residency for the legal and jurisdictional details
- Sub-processors for the service-by-service list
- CI runners for runner specs and compatibility
- Exporting your data for the no-lock-in guarantee
- Privacy Policy on the main site
- Terms of Service on the main site
- Data Processing Agreement on the main site
- security.txt for automated security contact discovery