We are a software company and fully understand that your source code is the heart of your business. We are building all our applications on Semaphore too. Here are the measures that we employ to ensure all code is safe.
Semaphore relies on GitHub and Bitbucket to access source code. Semaphore does not store any passwords. Your credentials are retrieved using OAuth and code is transferred to Semaphore via GitHub API and Bitbucket API over HTTPS. Each project imported to Semaphore is assigned a unique SSH key with a strong password which is automatically added to GitHub/Bitbucket as a deploy key.
All data exchanged between Semaphore machines is transmitted using SSL. Every build is executed in a fully isolated, single-run virtual machine, and tracked through a local private SSH connection.
No Rendered Text employees ever access source code repositories unless required to for support reasons. Support staff may log into your account to access settings related to your support issue. Support staff does not have access to clone any repo. When working a support issue we do our best to respect your privacy as much as possible, we only access the files and settings needed to resolve your issue.