🔐 Security and data

This page details how Packmind handles your data.

What kind of data does Packmind record?

In Packmind, we focus on storing the minimum amount of data needed. For each best coding practice created, we store the entire file containing the highlighted snippet (whether it's a positive or negative example) without linking it to your Git repository system.

How does Packmind record data?

Our database is encrypted at rest, and all sensitive data, such as Git tokens, is encrypted with private secret keys, so it can't be decrypted by an external attacker.

Our data is encrypted at rest using the AES-XTS algorithm with LUKS2.

How does Packmind handle data with Git integrations?

With our Git integrations, Packmind can fetch data from the latest code changes in your Git repositories. Packmind exclusively makes HTTP REST API calls to GitLab and other platforms, so no git clone operation is performed on our servers.

Thus, all your source code and Git information are loaded in memory, transit through HTTPS connections, and are volatile since they are not persisted anywhere.

How does Packmind handle data with AI?

With AI integrations, Packmind lets you make the most of LLM engines such as OpenAI or Azure OpenAI.

OpenAI does not use any data for its internal data or model training. If Packmind connects to your own LLM, you are responsible for ensuring the privacy of your data, or for discussing this topic with the LLM provider if you don't host the model internally.

When Packmind interacts with LLMs, the following are used as inputs for the prompts:

  • Some parts of your source code (for analysis and suggestions for improvements).

  • Some parts of your coding practice metadata (name and description).

During that process, we do not store the prompts' input or output. We only store some statistics, such as the number of tokens sent and received.

How does Packmind handle data during best practice detection?

To provide developers with feedback on whether or not their source code complies with their best practices, the IDE and code review plugins send parts of your source code to Packmind, which handles the code analysis engine. Data is sent through HTTPS and is kept volatile, as the source code that is analyzed is not persisted. Only statistics such as the number of results found and execution time are recorded.

What personal data does Packmind store?

For a given user, we only record their email and some data related to Packmind's plugin usage.

All personal data are stored in Europe, to remain compliant with GDPR regulations, and are handled by the following sub-contractors:
