Security and Privacy
At Codice, we take our customers' data privacy and security very seriously. Below, we outline the policies and measures implemented to ensure the protection and proper use of the code and data processed in our system.
We never access the code
Codice’s solution is self-contained within a virtual machine that runs in the client’s infrastructure, applying the same security policies as any other internal applications or systems.
Only three systems need to be integrated:
Continuous Integration System: Responsible for transparently invoking Codice when it needs to generate or maintain unit tests for the new code, without the developer's direct involvement.
Code Repository: Codice accesses the code to generate or modify the necessary unit tests. Once done, it automatically commits them to the repository.
OpenAI: Used for test generation through its API.
Both the Continuous Integration system and the Code Repository are likely within the same infrastructure, following the company's security guidelines. The only external connection required is for the integration with OpenAI.
We never send complete code files
The code sent through the OpenAI API is divided into the minimum necessary fragments to generate each test. To maintain code privacy, we ensure that full classes are not sent.
No AI model is trained with the code
We do not train our models or third-party models with customer code. The OpenAI API endpoint used is /v1/chat/completions, which guarantees that the data provided is not used for training any models, as reflected in OpenAI's endpoint usage policies.
Code is not stored
Codice only stores data for the time necessary to generate the tests, after which all project code is permanently deleted. All code remains within the client's infrastructure. Additionally, we ensure that the OpenAI services that we use delete the data after processing, as mentioned in their documentation. This means no trace of the code remains in our system or OpenAI's system. As an added measure, we have requested that OpenAI activate the 'Zero Retention Data' policy for Codice.
OpenAI Security
Further documentation on OpenAI’s privacy and compliance can be found here. The relevant specifications for Codice are related to the “API Platform,” which is SOC 2 Type 2 certified, among other certifications.