GitKraken Desktop Documentation

Downloads  
Contact support  
Feedback  
GitKraken.com  
GitKraken Status  

GitKraken Desktop – Data Security and Storage Practices

Last updated: March 2026

This page explains GitKraken Desktop data security and storage practices, including what information GitKraken services collect, how that data is secured in transit and at rest, and how SOC 2 report access works. Use it when reviewing security posture, storage locations, or compliance-related documentation for GitKraken Desktop.

Requirements and limits

  • This page summarizes GitKraken cloud-service data handling and storage practices; it is not a product configuration guide.
  • Security details vary by service, so use the table below for service-specific storage and encryption information.
  • Data in transit is secured with TLS across the listed services.
  • SOC 2 reports are available only to Business and Enterprise customers and require a signed MNDA through the Trust Center.

How GitKraken Desktop services collect and store information

The following table summarizes the data GitKraken Desktop services collect and how GitKraken stores that data.

Service Data collected Transfer security Storage location Storage security
Workspaces/Insights Repository info: URL, org name, repo name, and issue count.
Pull request info: URL, author, title, description, comment count, and PR state.		 Encrypted with TLS MongoDB Atlas Encrypted at rest (AES-256)
Teams & Users Repo-relative file paths, number of lines changed, name of branch currently checked out, first commit SHA of the repository Encrypted with TLS MongoDB Atlas Encrypted at rest (AES-256)
Subscriptions Billing info: name, payment type (credit card, paypal, ACH, etc.), last four digits of payment method, zip code, country, credit card type (mastercard, visa, etc.) Encrypted with TLS MongoDB Atlas Encrypted at rest (AES-256)
Launchpad URLs of issues and pull requests, issue tracker and Git provider filters for saved views Encrypted with TLS Postgres (RDS) Encrypted at rest (AES-256)
Cloud Patches Info related to the patch (repo name/URL/provider/base branch name/etc.) + the patch content itself. Encrypted with TLS Patch info is stored in a Postgres database, patch content is stored in AWS S3. SSE-S3, which uses 256-bit Advanced Encryption Standard (AES-256)
Proactive Conflict Detection Repo-relative file paths, name and commit SHA of relevant branches, names of files changed, line numbers with changes, and first commit SHA of the repository Encrypted with TLS Redis (max TTL of 108 hours) Encrypted at rest (AES-256)

How to request the SOC 2 report

GitKraken and its tools are SOC 2 certified. To request a copy of the SOC 2 report, visit the Trust Center to start the request process. GitKraken requires a signed MNDA before providing a copy of the report.

SOC 2 reports are only available for Business and Enterprise customers.

Have feedback about this article? Did we miss something? Let us know!
On this page
Products
Pricing
Help Center
GitKraken Desktop
GitLens
Git Integration for Jira
Community

Learn Git Library
Git Blog
Git Conference
Ambassador Program
Customers
Newsletter
Slack Community
GitKraken for Students
GitKraken for Educators
Store
Keif Gallery

Company

Contact Us
About Us
Careers
Customers
Media
News
Awards
Events
Press Releases
Logos
Privacy

Twitter Slack Youtube Linkedin

© 2026 Axosoft, LLC DBA GitKraken