In today’s digital landscape, where data is a valuable asset, qodo recognizes that providing secure and private solutions is not just an option – it’s a responsibility. We understand that you might have questions regarding qodo security issues, and we’re here to address them head-on. Below, we outline our rigorous policies and technologies that reflect our uncompromising commitment to data privacy and security.
Taking Privacy Seriously
The cornerstone of qodo data privacy is the idea that your data is your own and deserves the highest level of security. We take privacy seriously; it’s not an afterthought but an integral part of how we operate and design our products.
Security Measures
We are proud to announce that our security measures include SOC2 Type II certification, 2-way encryption, secrets obfuscation, and TLS/SSL for secure payment. These measures are in place to safeguard your information, guaranteeing that it remains confidential and integral. For more information, please visit our trust center at https://trust.codium.ai/
Fair and Transparent Business Model
Products under the qodo umbrella are available at no cost to individual developers, offering them the resources they need to excel in their projects. Our revenue is generated from the Teams and Enterprise plans, which come with additional features tailored to the operational scale of larger organizations, such as specialized hosting solutions and tools for preparing pull requests.
Responsible Data Utilization
We use data from our free-tier users to improve our AI models, ensuring that we generate meaningful test suites, code documentations and reviews for our users. Given that we specialize in tests and text – and not general-purpose code – the risk of exposing sensitive code or intellectual property is virtually nonexistent.
However, we understand and respect that some users might have privacy concerns. That’s why we offer an easy, accessible opt-out option. Users can log into the portal at https://app.qodo.ai/ to request to opt out of data usage for model training or to delete their account entirely.
Data Retention and Usage
Data of our paid subscribers (or within the trial periods) will never ever be used to train our AI models. In fact, Teams and Enterprise users’ data is deleted from all qodo storages within 48 hours. The 48-hour storage is solely for troubleshooting purposes, so if you prefer zero retention (immediate deletion), then let us know. Enterprise and Teams users can choose to use qodo models that were not trained on users’ data.
Our strict Data Retention Policy ensures enhanced privacy and compliance, and it’s available for all our paid subscribers to review (available in our trust center at https://trust.codium.ai/ ).
Data Gathering and Data Flow
qodo’s current product offering includes two sub-products: Qodo Gen IDE plugins & Qodo Merge:
Qodo Gen IDE plugins: qodo only analyzes the code necessary to give it enough context to generate meaningful tests, analysis, and suggestions for the `code-under-test` (CUT).
The CUT is selected by you (the developer), e.g., by selecting the componant in the chat, marking code or clicking on the button related to a certain component.
Then, qodo builds a dependency graph and gathers additional relevant code, limited to about 800 lines of code that are most related to the CUT (such as called or calling code components).
The CUT and the additional gathered lines of codes are securely sent to the qodo backend. More about qodo data security can be found at https://trust.codium.ai/.
qodo then executes self-served algorithms, as well as several AI inferences, either with its self-served proprietary AI models or OpenAI APIs. OpenAI is obliged to delete the data that qodo is sending to it and not utilize the data to train its models. OpenAI is obligated to zero data retention for qodo paid users.
Qodo Merge: If you use the free self-hosted Qodo Merge with your OpenAI API key, it is between you and OpenAI. You can read OpenAI API data privacy policy here: https://openai.com/enterprise-privacy
The same goes if you use other LLM providers.
When using a Qodo Merge Pro version, hosted by qodo, we will not store any of your Code or Pull Request data, nor will we use it for training.
You will benefit from our zero-data-retention OpenAI account that is used in qodo-hosted Qodo Merge Pro.
For certain clients, qodo-hosted Qodo Merge Pro will use qodo’s proprietary models — if this is the case, you will be notified.
No passive collection of Code and Pull Requests’ data — Qodo Merge will be active only when you invoke it, and it will then extract and analyze only data relevant to the executed command and queried pull request.
Note that upon calling the /similar_issue command, Issues data is temporarily gathered and stored in a vectorDB.
The gathered data consists solely of information from the Issues’ threads, with no extra related data being retrieved.
Conclusion
Our commitment to data privacy and security is unwavering. We continually invest in the latest technologies and certifications to address qodo security issues effectively. By adhering to strict data retention policies and providing transparent options for data usage, we aim to create a safe and respectful environment for all our users.
Your trust is our top priority, and we’re committed to earning it every day. Feel free to reach out with any questions or concerns; we’re here to support you in any way we can. Also, please don’t hesitate to contact us to suggest other security or data handling policies to complete our trust suite.
For any concerns or suggestions: [email protected]
Together, let’s build an intelligent software development world in which code integrity is seamless
Qodo Team
