Kodus Trust Center
Transparency about security, compliance, and infrastructure in one place.

Kodus
AI code review with control and minimal noise
Kody is an open source AI code review agent with deep knowledge of your business rules and architecture, aligned with your policies and compliance requirements.
SOC 2
Scope: Security and Availability
ISO 27001
Scope: Information Security Management for global operations
LGPD
Scope: Data processor commitments and internal policies
GDPR
Scope: Data processor commitments and international transfer safeguards
Access Management
Owner: Security and Compliance • SSO and MFA enforced for corporate accounts; least-privilege access reviews every quarter.
Cadence: Reviewed annually or after major changes
Incident Management
Owner: Security and Compliance • Defined severity levels, logging, and 72-hour client notification for incidents involving personal data.
Cadence: Reviewed annually and after major incidents
Backup and Disaster Recovery
Owner: Infrastructure and Security • Daily encrypted backups on AWS and DigitalOcean with defined RPO and RTO.
Cadence: Backup restore tests performed periodically and policy reviewed annually
Secure SDLC
Owner: Engineering and Security • Secure coding standards, automated tests and mandatory AI code review before merge.
Cadence: Reviewed annually and aligned with engineering practices
Security and Data Usage Overview
Category: Overview • High-level overview of Kodus security architecture, controls and data usage.
Privacy Policy
Category: Privacy • Details on what personal data we collect, how we use it and the rights of data subjects.
Data Processing Agreement (DPA)
Category: Data Protection • Standard data processing terms for customers where Kodus acts as data processor.
Data Protection and Data Retention Policy
Category: Policy • Internal rules for data minimization, retention periods and secure disposal.
Information Security Policy
Category: Policy • Company-wide information security principles, access control and infrastructure requirements.
Incident Response and Breach Notification Policy
Category: Policy • Procedures for detecting, investigating and notifying incidents, including 72-hour breach notifications.
Disaster Recovery and Backup Policy
Category: Policy • Backup strategy, RPO and RTO objectives, and disaster recovery procedures.
SDLC Policy
Category: Policy • Secure software development life cycle, including mandatory AI-powered code review with Kody.
Amazon Web Services (AWS)
Primary hosting environment for application servers, databases and backups.
Google Cloud Platform (GCP)
Used for certain data processing jobs and analytics workloads.
DigitalOcean
Used for auxiliary services and background workers.
LangSmith
Helps monitor and evaluate AI prompts and model outputs.
Sentry
Captures application errors and performance data.
Composio
Connects Kody with external tools and APIs.
Stripe
Processes subscription payments and invoices.
Anthropic
Provides managed LLMs for AI code review features.
OpenAI
Provides managed LLMs for AI code review and natural language features.
Novita
Provides models and embeddings for code understanding and search.
Customer.io
Sends product emails and lifecycle messages.
PostHog
Captures usage analytics to help improve the product.
Office hours: 9am to 6pm BRT