CodiumAI Security: Our Commitment to Data Privacy and Security


In today’s digital landscape, where data is a valuable asset, CodiumAI recognizes that providing secure and private solutions is not just an option – it’s a responsibility. We understand that you might have questions regarding CodiumAI security issues, and we’re here to address them head-on. Below, we outline our rigorous policies and technologies that reflect our uncompromising commitment to data privacy and security.

Taking Privacy Seriously

The cornerstone of CodiumAI data privacy is the idea that your data is your own and deserves the highest level of security. We take privacy seriously; it’s not an afterthought but an integral part of how we operate and design our products.

Security Measures

We are proud to announce that our security measures include SOC2 Type II certification, 2-way encryption, secrets obfuscation, and TLS/SSL for secure payment. These measures are in place to safeguard your information, guaranteeing that it remains confidential and integral. For more information, please visit our trust center at https://trust.codium.ai/

Fair and Transparent Business Model

Products under the CodiumAI umbrella are available at no cost to individual developers, offering them the resources they need to excel in their projects. Our revenue is generated from the Teams and Enterprise plans, which come with additional features tailored to the operational scale of larger organizations, such as specialized hosting solutions and tools for preparing pull requests.

Responsible Data Utilization

We use data from our free-tier users to improve our AI models, ensuring that we generate meaningful test suites, code documentation and reviews for our users. Given that we specialize in tests and text – and not general-purpose code – the risk of exposing sensitive code or intellectual property is virtually nonexistent.
However, we understand and respect that some users might have privacy concerns. That’s why we provide a simple opt-out option that is open to all. Users can simply email [email protected] to request an opt-out from data utilization for model training.

Data Retention and Usage

Data of our paid subscribers (or of users within trial periods) will never ever be used to train our AI models. In fact, Teams and Enterprise users’ data is deleted from all CodiumAI storage within 48 hours. The 48-hour storage is solely for troubleshooting purposes, so if you prefer zero retention (immediate deletion), then let us know.
Our strict Data Retention Policy ensures enhanced privacy and compliance, and it’s available for all our paid subscribers to review (available in our trust center at https://trust.codium.ai/ ).

Enterprise and Teams users can choose to use CodiumAI models that were not trained on users’ data.

Data Gathering and Data Flow

CodiumAI’s current product offering includes two sub-products: Codiumate IDE plugins & CodiumAI PR-Agent:

Codiumate IDE plugins: CodiumAI only analyzes the code necessary to give it enough context to generate meaningful tests, analysis, and suggestions for the `code-under-test` (CUT).

The CUT is selected by you (the developer), e.g., by selecting the component in the chat, marking code, or clicking on the button related to a certain component.

Then, CodiumAI builds a dependency graph and gathers additional relevant code, limited to about 800 lines of code that are most related to the CUT (such as called or calling code components).

The CUT and the additional gathered lines of code are securely sent to the CodiumAI backend. More about CodiumAI data security can be found at https://trust.codium.ai/.

CodiumAI then executes self-served algorithms, as well as several AI inferences, either with its self-served proprietary AI models or OpenAI APIs. OpenAI is obliged to delete the data that CodiumAI sends to it and not to utilize the data to train its models. OpenAI is obligated to maintain zero data retention for CodiumAI paid users.

CodiumAI PR-Agent: If you use the free self-hosted PR-Agent with your OpenAI API key, it is between you and OpenAI. You can read OpenAI API data privacy policy here: https://openai.com/enterprise-privacy
The same goes if you use other LLM providers.

When using a PR-Agent Pro version, hosted by CodiumAI, we will not store any of your Code or Pull Request data, nor will we use it for training.
You will benefit from our zero-data-retention OpenAI account that is used in CodiumAI-hosted PR-Agent Pro.
For certain clients, CodiumAI-hosted PR-Agent Pro will use CodiumAI’s proprietary models — if this is the case, you will be notified.

No passive collection of Code and Pull Requests’ data — PR-Agent will be active only when you invoke it, and it will then extract and analyze only data relevant to the executed command and queried pull request.

Note that upon calling the /similar_issue command, Issues data is temporarily gathered and stored in a vectorDB.
The gathered data consists solely of information from the Issues’ threads, with no extra related data being retrieved.

Conclusion

Our commitment to data privacy and security is unwavering. We continually invest in the latest technologies and certifications to address CodiumAI security issues effectively. By adhering to strict data retention policies and providing transparent options for data usage, we aim to create a safe and respectful environment for all our users.

Your trust is our top priority, and we’re committed to earning it every day. Feel free to reach out with any questions or concerns; we’re here to support you in any way we can. Also, please don’t hesitate to contact us to suggest other security or data handling policies to complete our trust suite.

For any concerns or suggestions: [email protected]

Together, let’s build an intelligent software development world in which code integrity is seamless.
