Built for developers who take privacy seriously.
CodeGrex is a privacy-first AI IDE. This page summarizes how we protect your code, your account, and your organization — without the legal jargon.
Last updated: June 2026
Security at a glance
Four principles that guide every release of the IDE, API, and web portal.
Privacy-first by design
Run models locally, bring your own API keys, or use managed cloud — you choose what leaves your machine.
Encryption everywhere
TLS 1.2+ for all API traffic. Account data encrypted at rest through our database provider.
No code warehousing
Our cloud API does not store your source code or prompt content — only usage metadata for billing.
Your keys stay yours
BYOK sends requests directly to providers you trust. We never resell or train on your private repos.
What data goes where
Transparency matters. The table below compares managed cloud usage with local-first and offline modes. When you use a third-party model (OpenAI, Anthropic, etc.), their privacy policy also applies to that traffic.
| Data type | Managed cloud | Local / offline |
|---|---|---|
| Source code & prompts | Sent to AI providers for completion/chat only (not stored by CodeGrex) | Stays on your machine with local or offline mode |
| Account profile (email, name) | Supabase — for sign-in and billing | N/A (account is cloud) |
| Usage metrics (tokens, model) | CodeGrex database — billing & quotas (~90 days) | Not sent when fully offline |
| Payment details | Stripe — we never store card numbers | N/A |
| Enterprise audit events | Metadata only (action, user, model) — not code content | Self-hosted: stays in your infrastructure |
Controls on your machine
Privacy protections run inside the editor before any request leaves your laptop. You can tighten or relax them per workspace.
- Privacy modes: Normal (cloud + local), Sensitive (local completions), or Offline (fully air-gapped).
- Automatic PII and secret redaction before context is sent to cloud providers.
- .codegrexignore — exclude paths from AI context, similar to .gitignore.
- Terminal output capture is off by default; enable only when you need it.
- Telemetry is opt-in and sampled — not enabled by default.
- Local chat history can be limited with session-only persistence settings.
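The two controls above that act on context before it leaves the editor, path exclusion via .codegrexignore and redaction of secrets and PII, are illustrated by the following added example. It is not CodeGrex's own code; it assumes .codegrexignore follows gitignore basics ('#' comments, globs, trailing '/' for directories), and the redaction rules are constructed for the example.

```python
# Added example, not CodeGrex's code: apply a gitignore-style .codegrexignore, then
# redact secrets/PII, before any context leaves the machine. Syntax is assumed.
import fnmatch
import re

# Constructed sample .codegrexignore ('#' comments, globs, trailing '/' = directory).
SAMPLE_IGNORE = """
# never let secrets or build output reach a cloud model
.env
*.pem
secrets/
dist/*.map
"""
# Redaction rules: well-known public token prefixes plus a plain e-mail shape.
SECRET_PATTERNS = [
    (re.compile(r"AKIA[0-9A-Z]{16}"), "<REDACTED_AWS_KEY>"),
    (re.compile(r"ghp_[A-Za-z0-9]{36}"), "<REDACTED_GITHUB_TOKEN>"),
    (re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"), "<REDACTED_EMAIL>"),
]

def parse_ignore(text):
    lines = (ln.strip() for ln in text.splitlines())
    return [ln for ln in lines if ln and not ln.startswith("#")]
def is_ignored(path, patterns):
    """Match a repo-relative POSIX path against gitignore-style patterns."""
    parts = path.split("/")
    for pat in patterns:
        if pat.endswith("/") and pat.rstrip("/") in parts[:-1]:  # directory pattern
            return True
        if "/" in pat and fnmatch.fnmatchcase(path, pat):         # anchored pattern
            return True
        if "/" not in pat and any(fnmatch.fnmatchcase(p, pat) for p in parts):
            return True                                          # bare: any component
    return False
def redact(text):
    """Replace secret-looking substrings; return (clean_text, replacement_count)."""
    total = 0
    for rx, label in SECRET_PATTERNS:
        text, n = rx.subn(label, text)
        total += n
    return text, total
def build_context(files, ignore_text):
    """files: {relative_path: content}. Drop ignored files, redact the rest."""
    patterns = parse_ignore(ignore_text)
    context, stats = {}, {"excluded": 0, "redactions": 0}
    for path, content in files.items():
        if is_ignored(path, patterns):
            stats["excluded"] += 1
            continue
        context[path], n = redact(content)
        stats["redactions"] += n
    return context, stats
```

The returned stats are what an editor can surface to the user so that exclusions and redactions are visible rather than silent.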
Cloud infrastructure
The managed service uses industry-standard providers: Supabase for authentication and profiles, Stripe for payments, and Redis for ephemeral caching and rate limiting. Redis holds counters and session cache — not your source code.
AI requests are proxied to the provider you select. We apply circuit breakers and timeouts so a single provider outage cannot stall your entire session.
Account & organization security
- Sign-in via Supabase Auth (email/password and OAuth providers).
- Enterprise SSO with SAML 2.0 and OpenID Connect, configurable per organization.
- Role-based access for Teams and Enterprise (owner, admin, member, viewer).
- Audit logs for enterprise customers — actions and metadata, not file contents.
Application safeguards
- JWT and IDE token authentication on every protected API request.
- Stricter rate limits on auth and AI endpoints to reduce abuse.
- Security headers (HSTS, CSP, frame denial) on the backend API.
- CORS restricted to configured portal origins per environment.
- Stripe webhooks verified with signing secrets.
- Admin and org-policy routes protected by role-based permissions.
Enterprise & self-hosted
Regulated teams can deploy CodeGrex inside their own VPC with Helm, keep all data in their infrastructure, and route AI traffic to a private endpoint or on-prem model (Ollama, vLLM, or any OpenAI-compatible server). Air-gapped deployments are supported when paired with a local model — no outbound internet required.
Responsible disclosure
If you believe you have found a security vulnerability, please report it responsibly. Do not run destructive tests against production. Include a clear description, steps to reproduce, and potential impact.
security@codegrex.com
We aim to acknowledge reports within 48 hours on business days.