Compliance & Certifications
CodeDD's security assurance program and regulatory alignment
Compliance & Certifications
CodeDD maintains a security assurance program aligned with ISO/IEC 27001 and SOC 2 Type II. Certification attestations are in progress — controls are implemented and independently assessed; formal certificates are on the roadmap.
Framework alignment
| Framework | Status |
|---|---|
| ISO/IEC 27001 | Controls aligned; certification in progress |
| SOC 2 Type II | Controls aligned; attestation in progress |
| GDPR | Privacy Policy, DPA, SCCs available |
| NIST-aligned practices | Encryption, access control, logging, incident response |
Independent penetration tests are conducted regularly. Compliance artifacts are available under NDA on request.
Data privacy
GDPR — lawful basis in Privacy Policy and DPA; data minimization (source code deleted after processing); right to erasure; Standard Contractual Clauses for international transfers; sub-processor list in the DPA.
Contact compliance@codedd.ai for jurisdiction-specific questions (CCPA, UK GDPR, etc.).
Technical controls
- Encryption — Fernet at rest, TLS in transit, key rotation support → Data Encryption at Rest
- Access control — role-based access, two-factor authentication, CLI tokens with expiry and revocation
- Secure deletion — 3-pass overwrite after audit → Secure Data Deletion
- Monitoring — application and infrastructure logging with incident response procedures
Data residency
Primary hosting: IONOS data centers in Germany (EU). Stated in the Privacy Policy, Terms, DPA, and Security page. Enterprise contracts may specify alternate arrangements.
Sub-processors
AI inference providers process source code transiently under commercial agreements with data-protection terms. CodeDD does not use customer code to train AI models. Sub-processors are listed in the DPA.
Shared responsibility
CodeDD provides: secure processing, encryption and deletion controls, platform access management, compliance documentation on request.
Customers provide: read-only repository access with appropriate scoping, user access management within their organization, notification of special regulatory requirements.
Available documentation
On request (NDA may apply): SOC 2 report, ISO certificate (when available), penetration test summaries, DPA, security policies, sub-processor list.
Public: Privacy Policy · Terms of Service · Security page
Contact: compliance@codedd.ai

