Security

Last updated: 03/02/2025

At CodeBeaver, we prioritize the security of our customers' data. If you have any questions about our security measures, we welcome your inquiries at info@codebeaver.ai and will provide prompt responses. Our Security Practices page outlines all administrative, technical, and physical safeguards in place at CodeBeaver.

Hosting

Hosting and Architecture CodeBeaver is provided as a cloud-based service, leveraging industry-leading infrastructure providers to ensure maximum security and reliability.

Cloud Infrastructure

Our infrastructure is hosted on Amazon Web Services, Inc. ('AWS') and Digital Ocean. Information about security provided by AWS is available from the AWS Security website, and Digital Ocean's security practices can be found on their Security documentation. Both providers maintain extensive security and privacy-related audits and certifications, including SOC reports, which are available on their respective compliance websites.

AI Infrastructure

CodeBeaver utilizes both OpenAI and Anthropic's API platforms for AI inference. Information about their security practices can be found at:

• OpenAI Enterprise Privacy page
• Anthropic Trust Center

These third-party service providers constitute data sub-processors of Customer Content and are bound by strict data protection requirements and security controls.

Storage of Customer Data

CodeBeaver implements robust security measures for handling and storing customer data. Our data storage practices include:

• Secure storage of customer data using encrypted databases on AWS and Digital Ocean
• Implementation of strict access controls and monitoring
• Regular security audits and updates
• Automated backup systems with encryption at rest

Data Retention and Deletion

We maintain clear policies regarding data retention and deletion: Customers may request return of their data within 60 days post contract termination Administrator-initiated deletion triggers hard deletion of all Customer Data from production systems within 24 hours Backups are destroyed within 30 days, except during ongoing security investigations

Confidentiality and Security Controls

Access Controls

CodeBeaver maintains strict controls over employee access to Customer Data:

• Employee access is granted on a need-to-know basis
• All system access is logged and monitored
• Technical controls and audit policies ensure accountability
• Regular access reviews are conducted

Employee Policies

All employees and contractors are bound by:

• Comprehensive confidentiality agreements
• Regular security training and updates
• Strict information security policies
• Background checks prior to employment

Monitoring and Validation

SOC 2 Type II

CodeBeaver is actively working towards SOC2 Type II compliance. We are committed to aligning with prevailing industry standards such as SOC 2 Type II, or any successor or superseding standards.

GDPR Compliance

CodeBeaver is fully compliant with the General Data Protection Regulation (GDPR). We are committed to protecting the privacy rights of individuals in the European Economic Area (EEA) and worldwide. Our GDPR compliance includes:

• Processing personal data lawfully, fairly, and transparently
• Collecting and processing data only for specified, explicit, and legitimate purposes
• Ensuring data minimization and accuracy
• Implementing appropriate technical and organizational security measures
• Respecting and facilitating data subject rights
• Maintaining records of processing activities
• Ensuring lawful data transfers outside the EEA
• Prompt notification of data breaches when required

We regularly review and update our practices to ensure ongoing GDPR compliance. For detailed information about our data processing practices and your rights under GDPR, please refer to our Privacy Policy. For more information about how we handle your data, please refer to our Privacy Policy.

Security Assessments

We maintain a robust security assessment program that includes: Regular internal security audits Continuous automated security scanning Periodic third-party security assessments Regular security patches and updates

Privacy and Security Training

Our commitment to security extends to our team through:

• Mandatory privacy and security training during onboarding
• Ongoing security awareness education
• Regular policy reviews and updates
• Comprehensive information security policy acknowledgment

Contact Information

For security-related questions or concerns, please contact us at info@codebeaver.ai. For more information about how we handle your data, please refer to our Privacy Policy.