Security
Last updated: April 16th, 2025
Keeping your source code and developer environment secure is important to us. This page outlines how we approach security for Charlie. For any security‑related questions or to submit potential vulnerabilities, feel free to contact us at hello@charlielabs.ai.
Certifications and Third‑Party Assessments
We are in the process of obtaining our SOC 2 Type I certification with Vanta.
Terminology
- Sees your code – Has an entire copy of the repository.
- Sees code snippets – Access is limited to fragments (e.g., a pull‑request diff) of your code.
- Does not see your code – Has no access to your repository or code snippets.
Providers
- GCP – Sees code snippets – We use GCP for our primary infrastructure and secret management.
- Sentry – Sees code snippets – We use Sentry for error monitoring and logging.
- OpenAI – Sees code snippets – Used for inference.
- Anthropic – Sees code snippets – Used for inference.
- Runloop – Sees your code – Provides isolated and secure VM environments for Charlie.
- SerpAPI – Does not see your code – Used to search the internet.
- Optional: Slack – Sees code snippets – If you connect your Slack workspace, Charlie may respond to messages with code snippets.
- Optional: Linear – Sees code snippets – If you connect your Linear workspace, Charlie may respond to comments with code snippets.
Data Security
- We do not use any open‑source hosting/training or DeepSeek AI models.
- Charlie exclusively uses OpenAI, Anthropic, and Google as AI service providers.
Access Control
- The GitHub user account @CharlieHelps has the access you granted through GitHub.
- The GitHub App CharlieCreates has the access you granted through GitHub.
- @CharlieHelps uses multi‑factor authentication (MFA).
- All interactions with @CharlieHelps are handled exclusively with encrypted private GitHub tokens.
Infrastructure
- We use Google Cloud Platform (GCP) for our primary infrastructure.
- We enforce multi‑factor authentication for all GCP accounts.
- We use Terraform for infrastructure‑as‑code to track and review changes.
- We assign infrastructure access on a least‑privilege basis.
- We use both network‑level controls and secrets to restrict resource access.
How We Use Your Data
- We use your data to evaluate Charlie’s performance (e.g., diagnosing failures, measuring feature usage).
- We do not sell your code to third parties.
- We do not use your data for any purpose other than providing you with Charlie.
- We store the minimum data necessary to achieve our business goals.
- We do not use your code for training or fine‑tuning models.
Attribution and Compliance
- You own all of the code generated by Charlie, to the extent permitted by law.
- Charlie uses OpenAI, Anthropic, and Google AI models to generate code, and you assume all risks that come with AI‑generated code.
Account Deletion
You can delete your account by contacting us at hello@charlielabs.ai.