Skip to main content
When you use Codepure to scan your applications, you are trusting us with your most valuable asset. We designed our infrastructure to ensure your data stays secure and compliant with GCC regulations.

1. Local GCC Hosting

To comply with the Saudi Personal Data Protection Law (PDPL) and National Cybersecurity Authority (NCA) guidelines, all core infrastructure for our GCC clients is hosted locally.
  • Cloud Provider: Google Cloud Platform (GCP)
  • Region: Dammam, Saudi Arabia (me-central2)
  • Data Guarantee: Your account data, scan metadata, and vulnerability reports do not leave this region.

2. What Happens to Your Source Code?

We have a strict “Zero Storage” policy for your actual source code.
  • What we do: When you trigger a scan, Codepure pulls your code into a temporary, isolated memory environment. We scan it for vulnerabilities, generate the security report, and instantly destroy the temporary environment.
  • What we DO NOT do: We never permanently store, copy, or back up your proprietary source code on our servers.

3. Regulatory Compliance

By keeping data local and refusing to store your source code, using app.codepure.com helps your organization meet strict compliance frameworks, including:
  • NCA ECC-1:2024 (Essential Cybersecurity Controls)
  • SAMA (Saudi Central Bank Cyber Security Framework)
  • PDPL (Personal Data Protection Law)
If your IT Audit team needs more specific architecture diagrams, please contact us at fahad@codepure.com.