Skip to main content

Security and Privacy

At CuriousBox, we prioritize the security and privacy of your code and data. This document outlines our security practices and privacy commitments to ensure transparency about how we handle your information when you use ProdE.

Data Protection Principles

No Training on Client Code

We do not use your code for training purposes. Your code remains yours, and we do not use it to train or improve our models. The code you share with ProdE is only used to provide you with the requested assistance.

Encryption in Transit

All data transmitted between the ProdE extension and our backend services is encrypted using industry-standard TLS/SSL protocols. This ensures that your code and communications cannot be intercepted or read by unauthorized parties during transmission.

No Sensitive Data in Logs

Our logging systems are designed to exclude any API request or response data. Logs contain only system-level information necessary for troubleshooting and performance monitoring, without capturing any of your code or sensitive information.

Repository Accesss

Read-Only Repository Access

  • Git Integration: ProdE only requests read-only access to your repositories through secure OAuth tokens
  • No Write Permissions: We cannot modify, delete, or push changes to your repositories
  • Permission Scope: Access is limited to repositories you explicitly grant permission for

Cross-Repository Intelligence

  • Isolated Processing: Each user's knowledge layer is completely isolated from others
  • Secure Context Building: Relationships between repositories are computed securely within your isolated environment

MCP Server Integration Security

Secure Communication

  • Token-Based Authentication: All MCP server communications use secure, user-specific tokens
  • Encrypted Channels: All data transmission between coding assistants and ProdE MCP servers is encrypted

Coding Assistant Integration

  • No Direct Repository Access: Coding assistants access your knowledge layer through ProdE's secure API, not directly from repositories
  • Context Filtering: Only relevant context is provided to coding assistants based on your current work
  • Permission Inheritance: MCP integration respects the same permissions as your repository access

Data Retention and Deletion

Repository Disconnection

  • Immediate Effect: Disconnecting a repository immediately stops data processing and removes it from active knowledge layer

Account Deletion

  • Complete Data Removal: Account deletion triggers removal of all associated account information and access, repository data and knowledge layers

Additional Security Measures

Regular Security Audits

We conduct regular security audits of our systems and processes to identify and address potential vulnerabilities.

Commitment to Privacy

We are committed to maintaining the highest standards of privacy and security. Our goal is to provide you with a powerful knowledge layer while ensuring your intellectual property remains protected and private.

If you have any questions or concerns about our security and privacy practices, please reach out to us at contact@curiousbox.ai.

Last updated on