Security & Privacy
Advancing the Future of Software Development
We enable developers and organizations to maximize their potential by prioritizing security, privacy, compliance, and transparency as we develop and iterate on CodeVista.
Motivation & Significant
With the increasing reliance on AI-driven solutions, vast amounts of sensitive and personal data are processed daily. Ensuring the confidentiality, integrity, and availability of this data is crucial to maintain user trust and comply with stringent data protection regulations
The digital landscape is fraught with cyber threats, in- cluding malware, phishing, and ransomware attacks. By implementing comprehensive security measures, CodeVista aims to protect our infrastructure and customers from these ever-present risks.
Adhering to global and regional data protection laws such as GDPR, CCPA, and others is not only a legal requirement but also a business imperative. Compliance demonstrates our commitment to safeguarding user data and upholding the highest standards of data privacy and security.
CodeVista has a responsibility to promote and adhere to best practices in software security. This White Paper aims to outline our security protocols and encourage the adoption of similar practices across the industry.
Trust is the foundation of any successful relationship, particularly in the realm of software and technology. By transparently communicating our security measures and commitment to protecting user data, we aim to build and sustain longterm trust with our customers and partners.
Security
At CodeVista, we prioritize the security and privacy of our users’ data. We implement robust security measures to ensure that all data interactions within our platform are protected against unauthorized access and breaches. Our multi-layered security approach includes secure transmission, encryption, third-party testing, and certification, providing comprehensive protection for our users.
- Data Encryption in Transit: CodeVista uses Transport Layer Security (TLS) to encrypt data during transmission. This ensures that data exchanged between users and our services is protected against interception and unauthorized access, maintaining the confidentiality and integrity of the information.
- Data Encryption at Rest: For data stored within our infrastructure, CodeVista employs industry standard encryption protocols in compliance with FIPS Publication 140-2 standards. This ensures that data remains secure even when stored, protecting it from unauthorized access and potential breaches.
To further enhance our security posture, CodeVista undergoes rigorous third-party testing and certification processes. These evaluations ensure that our security controls are effective and compliant with industry standards.
- Audits and Certifications: CodeVista has achieved several industry-recognized certifications, including SOC 2 Type I, demonstrating that we have the necessary controls in place to protect the security of our services. We are also working towards obtaining a SOC 2 Type II certification, which will further validate the effectiveness of our security practices over time.
- ISO 27001 Certification: CodeVista is included in the scope of our partner’s Information Security Management System, as reflected in our ISO 27001 certification. This certification demonstrates our commitment to implementing robust security processes and standards across our platform.
- External Penetration Testing: CodeVista undergoes regular external penetration testing to identify and address potential vulnerabilities. These tests are conducted by reputable third-party security firms and provide us with actionable insights to enhance our security measures continuously.
Adhering to global and regional data protection laws such as GDPR, CCPA, and others is not only a legal requirement but also a business imperative. Compliance demonstrates our commitment to safeguarding user data and upholding the highest standards of data privacy and security.
- Access Controls: We implement strict access controls to ensure that only authorized personnel have access to sensitive data. This includes role-based access controls (RBAC) and multi-factor authentication (MFA) to verify user identities.
- Regular Security Assessments: CodeVista conducts regular security assessments and vulnerability scans to identify and mitigate potential security risks. These assessments help us to stay ahead of emerging threats and continuously improve our security posture.
- Incident Response Plan: We have a comprehensive incident response plan in place to quickly and effectively address any security incidents that may arise. This plan includes procedures for detecting, reporting, and responding to security breaches, ensuring minimal impact on our users and services.
- Data Anonymization:To further protect user privacy, CodeVista anonymizes data whenever possible. This reduces the risk of identifying individuals from the data, enhancing overall privacy and security.
Privacy
CodeVista processes personal data based on how the data is accessed and used, whether through various IDE extensions or features like command line interface (CLI) suggestions and IDE code completions.
- User Engagement Data: This includes pseudonymous identifiers captured from user interactions with CodeVista, such as accepted or dismissed completions, error messages, system logs, and product usage metrics.
- Prompts: These are inputs for chat or code, along with contextual information, sent to CodeVista’s AI to generate suggestions. Suggestions: These are the AI-generated code lines or chat responses provided to users based on their prompts.
- Feedback Data: This comprises real-time user feedback, including reactions (e.g., thumbs up/down) and optional comments, as well as feedback from support tickets. CodeVista is committed to ensuring the privacy and security of user data through several key measures.
All user data processed by CodeVista undergoes anonymization and pseudonymization techniques to protect user identities. Personal identifiers are replaced with pseudonymous identifiers, and only the minimal amount of data necessary for generating suggestions is collected.
Data transmitted to and from CodeVista is encrypted using industry-standard protocols, such as Transport Layer Security (TLS). Data at rest is also encrypted using advanced encryption standards (AES) to ensure that sensitive information is protected against unauthorized access.
CodeVista’s AI models are hosted on secure instances provided by trusted partners, such as Azure and Google GCP. These instances are compliant with various security standards and certifications, ensuring a robust security framework for data processing and storage.
Access to personal data within CodeVista is restricted to authorized personnel only, based on role-specific permissions. Comprehensive access control measures and continuous mon- itoring ensure that data is accessed and handled in accordance with privacy policies.
CodeVista undergoes regular security audits and compliance checks to ensure adherence to industry standards and regulations. These audits help identify and mitigate potential vulnerabilities, ensuring ongoing compliance with privacy laws such as GDPR and CCPA.
Users have control over their data through transparent privacy settings and options to manage their personal information. CodeVista provides clear privacy notices and user- friendly interfaces for managing data preferences and consent.
CodeVista adheres to strict data retention and deletion policies, ensuring that personal data is stored only for as long as necessary to fulfill the purposes for which it was collected. Users can request the deletion of their data at any time, and CodeVista will promptly comply with such requests.
In the event of a data breach or security incident, CodeVista has established incident response protocols to quickly address and mitigate the impact. Users will be promptly notified of any incidents that may affect their personal data, along with the steps taken to resolve the issue.
Intellectual Property
When addressing intellectual property and open source issues, it is essential to understand how CodeVista operates. The AI models powering CodeVista’s suggestions may be trained on publicly available code, but they do not store or replicate any code. Instead, when generating a suggestion, CodeVista does not “copy and paste” from any existing codebase.
To generate a code suggestion, the CodeVista extension examines the code in your editor. It focuses on the lines immediately before and after your cursor and considers additional context, such as other files open in your editor and relevant repository or file path information. This contextual information is sent to CodeVista’s model, which makes a probabilistic determination of the most likely next steps and generates appropriate suggestions.
When generating a suggestion for chat within the code editor, the CodeVista extension creates a contextual prompt. It combines your initial prompt with additional context from the open code file, your code selection, and general workspace information, including frameworks, languages, and dependencies. This comprehensive context is sent to CodeVista’s model, which then generates relevant suggestions based on probabilistic analysis.
For generating suggestions in chat on the CodeVista platform, such as answering a query from your chat prompt, CodeVista creates a contextual prompt by integrating your prompt with previous chat history, open pages on the CodeVista platform, and retrieved context from your codebase or external sources like Bing search. This contextual information is processed by CodeVista’s model to provide the most likely and relevant suggestions.