Last updated: April 16th, 2025

Keeping your source code and developer environment secure is important to us. This page outlines how we approach security for Charlie. For any security‑related questions or to submit potential vulnerabilities, feel free to contact us at hello@charlielabs.ai.


Certifications and Third‑Party Assessments

We are in the process of obtaining our SOC 2 Type I certification with Vanta.


Terminology

  • Sees your code – Has an entire copy of the repository.
  • Sees code snippets – Access is limited to fragments (e.g., a pull‑request diff) of your code.
  • Does not see your code – Has no access to your repository or code snippets.

Providers

  • GCP (Sees code snippets) – We use GCP for our primary infrastructure and secret management.
  • Sentry (Sees code snippets) – We use Sentry for error monitoring and logging.
  • OpenAI (Sees code snippets) – Used for inference.
  • Anthropic (Sees code snippets) – Used for inference.
  • Runloop (Sees your code) – Provides isolated and secure VM environments for Charlie.
  • SerpAPI (Does not see your code) – Used to search the internet.
  • Optional: Slack (Sees code snippets) – If you connect your Slack workspace, Charlie may respond to messages with code snippets.
  • Optional: Linear (Sees code snippets) – If you connect your Linear workspace, Charlie may respond to comments with code snippets.

Data Security

  • We do not use any open‑source hosting/training or DeepSeek AI models.
  • Charlie exclusively uses OpenAI, Anthropic, and Google as AI service providers.

Access Control

  • The GitHub user account @CharlieHelps has the access you granted through GitHub.
  • The GitHub App CharlieCreates has the access you granted through GitHub.
  • @CharlieHelps uses multi‑factor authentication (MFA).
  • All interactions with @CharlieHelps are handled exclusively with encrypted private GitHub tokens.

Infrastructure

  • We use Google Cloud Platform (GCP) for our primary infrastructure.
  • We enforce multi‑factor authentication for all GCP accounts.
  • We use Terraform for infrastructure‑as‑code to track and review changes.
  • We assign infrastructure access on a least‑privilege basis.
  • We use both network‑level controls and secrets to restrict resource access.

How We Use Your Data

  • We use your data to evaluate Charlie’s performance (e.g., diagnosing failures, measuring feature usage).
  • We do not sell your code to third parties.
  • We do not use your data for any purpose other than providing you with Charlie.
  • We store the minimum data necessary to achieve our business goals.
  • We do not use your code for training or fine‑tuning models.

Attribution and Compliance

  • You own all of the code generated by Charlie, to the extent permitted by law.
  • Charlie uses OpenAI, Anthropic, and Google AI models to generate code, and you assume all risks that come with AI‑generated code.

Account Deletion

You can delete your account by contacting us at hello@charlielabs.ai.