Security
Last updated: April 30th, 2025
Keeping your source code and developer environment secure is important to us. This page outlines how we approach security for Charlie. For any security-related questions or to submit potential vulnerabilities, feel free to contact us at hello@charlielabs.ai.
Certifications and Third-Party Assessments
We are in the process of obtaining our SOC 2 Type I certification with Vanta.
Terminology
- Sees your code – Has an entire copy of the repository.
- Sees code snippets – Access is limited to fragments (e.g., a pull‑request diff) of your code.
- Does not see your code – Has no access to your repository or code snippets.
Providers
- GCP – Sees code snippets – We use GCP for our primary infrastructure and secret management.
- Sentry – Sees code snippets – We use Sentry for error monitoring and logging.
- OpenAI – Sees code snippets – Used for inference.
- Anthropic – Sees code snippets – Used for inference.
- Runloop – Sees your code – Provides isolated and secure VM environments for Charlie.
- SerpAPI – Does not see your code – Used to search the internet.
- Optional: Slack – Sees code snippets – If you connect your Slack workspace, Charlie may respond to messages with code snippets.
- Optional: Linear – Sees code snippets – If you connect your Linear workspace, Charlie may respond to comments with code snippets.
Data Security
- We do not use any open‑source hosting/training or DeepSeek AI models.
- Charlie exclusively uses OpenAI, Anthropic, and Google as AI service providers.
Access Control
- The GitHub user account @CharlieHelps has the access you granted through GitHub.
- The GitHub App CharlieCreates has the access you granted through GitHub.
- @CharlieHelps uses multi-factor authentication (MFA).
- All interactions with @CharlieHelps are handled exclusively with encrypted private GitHub tokens.
Infrastructure
- We use Google Cloud Platform (GCP) for our primary infrastructure.
- We enforce multi-factor authentication for all GCP accounts.
- We use Terraform for infrastructure-as-code to track and review changes.
- We assign infrastructure access on a least-privilege basis.
- We use both network-level controls and secrets to restrict resource access.
How We Use Your Data
- We use your data to evaluate Charlie’s performance (e.g., diagnosing failures, measuring feature usage).
- We do not sell your data to third parties.
- We do not use your data for any purpose other than providing you with Charlie.
- We store the minimum data necessary to achieve our business goals.
- Your source code is never used for training or fine-tuning any machine-learning or language models.
- Aggregated feedback signals you provide (e.g., thumbs-up/down reactions, comments) may be used to fine-tune models and improve product quality.
Attribution and Compliance
- You own all of the code generated by Charlie, to the extent permitted by law.
- Charlie uses OpenAI, Anthropic, and Google AI models to generate code, and you assume all risks that come with AI-generated code.
Account Deletion
You can delete your account by contacting us at hello@charlielabs.ai.