Trust

Built to be trusted with your work.

CodeConductor is a small, profitable company building infrastructure that businesses depend on. We take that responsibility seriously. This page is an honest accounting of what we do today and what we're working on next.

Compliance status

We don't list certifications we don't have. Here's where we actually stand.

HIPAA
Compliant

We support HIPAA-regulated workloads, including BAAs for qualifying customers.

GDPR
Compliant

Designed to support GDPR data subject rights, lawful processing, and DPAs.

SOC 2
In progress

Actively working toward SOC 2 Type II certification. Documentation available on request.

How we protect your data today

The practical, in-place security controls that every CodeConductor customer benefits from.

Encryption in transit and at rest

All customer data is encrypted in transit with TLS 1.2+ and at rest using industry-standard AES-256.

Single sign-on and access control

SAML/OIDC SSO, role-based access control, and least-privilege defaults across the platform.

Audit logging

Every meaningful action on the platform is logged. Logs are available to admins and exportable on request.

You own your data

Your apps, your data, your code. We do not train models on customer data, and your content is yours to export at any time.

Flexible deployment

Run on our shared cloud, in a dedicated environment, or in your own VPC. Your data stays where you need it to be.

Responsible AI defaults

We use major AI providers under zero-data-retention terms where available, and clearly document which models touch customer data.

Our commitments

The promises we make — and keep — to every customer.

  • We will never train models on your data.

    Your prompts, your data, and the apps you build are yours alone. They are not used to train any AI model, ours or anyone else’s.

  • We will tell you when we don’t know.

    Security questionnaires get honest answers. If we haven’t built something yet, we’ll say so and tell you when we plan to.

  • We will tell you when something goes wrong.

    If we have a security incident that affects you, you’ll hear it from us first — quickly, clearly, and with what we’re doing about it.

  • You can take your data with you.

    Apps, code, and data can be exported at any time. There’s no proprietary lock-in and no painful migration if you ever decide to leave.

Report a vulnerability

Found a security issue?

We take responsible disclosure seriously. If you think you've found a security vulnerability in CodeConductor, please email [email protected] and we'll respond within one business day.
