Qodo Security: Our Commitment to Data Privacy and Security

In today’s digital landscape, where data is a valuable asset, qodo (formerly Codium) recognizes that providing secure and private solutions is not just an option – it’s a responsibility. We understand that you might have questions regarding qodo (formerly Codium) security issues, and we’re here to address them head-on. Below, we outline our rigorous policies and technologies that reflect our uncompromising commitment to data privacy and security.

Taking Privacy Seriously

The cornerstone of qodo (formerly Codium) data privacy is the idea that your data is your own and deserves the highest level of security. We take privacy seriously; it’s not an afterthought but an integral part of how we operate and design our products.

Security Measures

We are proud to announce that our security measures include SOC2 Type II certification, 2-way encryption, secrets obfuscation, and TLS/SSL for secure payment. These measures are in place to safeguard your information, guaranteeing that it remains confidential and integral. For more information, please visit our trust center at https://trust.qodo.ai/

Fair and Transparent Business Model

Products under the qodo (formerly Codium) umbrella are available at no cost to individual developers, offering them the resources they need to excel in their projects. Our revenue is generated from the Teams and Enterprise plans, which come with additional features tailored to the operational scale of larger organizations, such as specialized hosting solutions and tools for preparing pull requests.

Responsible Data Utilization

We use data from our free-tier users to improve our AI models, ensuring that we generate meaningful test suites, code documentation and reviews for our users. Given that we specialize in tests and text – and not general-purpose code – the risk of exposing sensitive code or intellectual property is virtually nonexistent.
However, we understand and respect that some users might have privacy concerns. That’s why we offer an easy, accessible opt-out option. Users can log into the portal at https://app.qodo.ai/ to request to opt out of data usage for model training or to delete their account entirely.

Data Retention and Usage

Data of our paid subscribers (or within the trial periods) will never ever be used to train our AI models. In fact, Teams and Enterprise users’ data is deleted from all qodo (formerly Codium) storage within 48 hours. The 48-hour storage is solely for troubleshooting purposes, so if you prefer zero retention (immediate deletion), then let us know. Enterprise and Teams users can choose to use qodo (formerly Codium) models that were not trained on users’ data.
Our strict Data Retention Policy ensures enhanced privacy and compliance, and it’s available for all our paid subscribers to review (available in our trust center at https://trust.qodo.ai/ ).

Data Gathering and Data Flow

qodo (formerly Codium)’s current product offering includes two sub-products: Qodo Gen IDE plugins and Qodo Merge.

Qodo Gen IDE plugins: qodo (formerly Codium) only analyzes the code necessary to give it enough context to generate meaningful tests, analysis, and suggestions for the `code-under-test` (CUT).

The CUT is selected by you (the developer), e.g., by selecting the component in the chat, marking code or clicking on the button related to a certain component.

Then, qodo (formerly Codium) builds a dependency graph and gathers additional relevant code, limited to about 800 lines of code that are most related to the CUT (such as called or calling code components).

The CUT and the additional gathered lines of code are securely sent to the qodo (formerly Codium) backend. More about qodo (formerly Codium) data security can be found at https://trust.qodo.ai/.

Qodo (formerly Codium) then executes self-served algorithms, as well as several AI inferences, either with its self-served proprietary AI models or OpenAI APIs. OpenAI is obliged to delete the data that qodo (formerly Codium) is sending to it and not utilize the data to train its models. OpenAI is obligated to maintain zero data retention for qodo (formerly Codium) paid users.

Qodo Merge: If you use the free self-hosted Qodo Merge with your OpenAI API key, it is between you and OpenAI. You can read OpenAI’s API data privacy policy here: https://openai.com/enterprise-privacy
The same goes if you use other LLM providers.

When using a Qodo Merge Pro version, hosted by qodo (formerly Codium), we will not store any of your Code or Pull Request data, nor will we use it for training.
You will benefit from our zero-data-retention OpenAI account that is used in qodo-hosted Qodo Merge Pro.
For certain clients, qodo-hosted Qodo Merge Pro will use qodo’s (formerly Codium) proprietary models — if this is the case, you will be notified.

No passive collection of Code and Pull Requests’ data — Qodo Merge will be active only when you invoke it, and it will then extract and analyze only data relevant to the executed command and queried pull request.

Note that upon calling the /similar_issue command, Issues data is temporarily gathered and stored in a vectorDB.
The gathered data consists solely of information from the Issues’ threads, with no extra related data being retrieved.

Conclusion

Our commitment to data privacy and security is unwavering. We continually invest in the latest technologies and certifications to address qodo (formerly Codium) security issues effectively. By adhering to strict data retention policies and providing transparent options for data usage, we aim to create a safe and respectful environment for all our users.

Your trust is our top priority, and we’re committed to earning it every day. Feel free to reach out with any questions or concerns; we’re here to support you in any way we can. Also, please don’t hesitate to contact us to suggest other security or data handling policies to complete our trust suite.

For any concerns or suggestions: [email protected]

Together, let’s build an intelligent software development world in which code integrity is seamless.