Last updated: April 30th, 2025

Keeping your source code and developer environment secure is important to us. This page outlines how we approach security for Charlie. For any security-related questions or to submit potential vulnerabilities, feel free to contact us at hello@charlielabs.ai.


Certifications and Third-Party Assessments

We are in the process of obtaining our SOC 2 Type I certification with Vanta.


Terminology

  • Sees your code – Has an entire copy of the repository.
  • Sees code snippets – Access is limited to fragments (e.g., a pull‑request diff) of your code.
  • Does not see your code – Has no access to your repository or code snippets.

Providers

  • GCP (Sees code snippets) – We use GCP for our primary infrastructure and secret management.
  • Sentry (Sees code snippets) – We use Sentry for error monitoring and logging.
  • OpenAI (Sees code snippets) – Used for inference.
  • Anthropic (Sees code snippets) – Used for inference.
  • Runloop (Sees your code) – Provides isolated and secure VM environments for Charlie.
  • SerpAPI (Does not see your code) – Used to search the internet.
  • Optional: Slack (Sees code snippets) – If you connect your Slack workspace, Charlie may respond to messages with code snippets.
  • Optional: Linear (Sees code snippets) – If you connect your Linear workspace, Charlie may respond to comments with code snippets.

Data Security

  • We do not use any open‑source hosting/training or DeepSeek AI models.
  • Charlie exclusively uses OpenAI, Anthropic, and Google as AI service providers.

Access Control

  • The GitHub user account @CharlieHelps has the access you granted through GitHub.
  • The GitHub App CharlieCreates has the access you granted through GitHub.
  • @CharlieHelps uses multi-factor authentication (MFA).
  • All interactions with @CharlieHelps are handled exclusively with encrypted private GitHub tokens.

Infrastructure

  • We use Google Cloud Platform (GCP) for our primary infrastructure.
  • We enforce multi-factor authentication for all GCP accounts.
  • We use Terraform for infrastructure-as-code to track and review changes.
  • We assign infrastructure access on a least-privilege basis.
  • We use both network-level controls and secrets to restrict resource access.

How We Use Your Data

  • We use your data to evaluate Charlie’s performance (e.g., diagnosing failures, measuring feature usage).
  • We do not sell your data to third parties.
  • We do not use your data for any purpose other than providing you with Charlie.
  • We store the minimum data necessary to achieve our business goals.
  • Your source code is never used for training or fine-tuning any machine-learning or language models.
  • Aggregated feedback signals you provide (e.g., thumbs-up/down reactions, comments) may be used to fine-tune models and improve product quality.

Attribution and Compliance

  • You own all of the code generated by Charlie, to the extent permitted by law.
  • Charlie uses OpenAI, Anthropic, and Google AI models to generate code, and you assume all risks that come with AI-generated code.

Account Deletion

You can delete your account by contacting us at hello@charlielabs.ai.