MagiCode Privacy Policy
Last Updated: December 11, 2024
Privacy Policy Overview
This Privacy Policy describes how MagiCode AI, Inc. ("we", "us", "our", "MagiCode") collects, uses, and discloses your Personal Information when you use our application MagiCode ("the App"). By using the App, you agree to the collection and use of information in accordance with this policy.
At MagiCode, we are deeply committed to the privacy of your data. This Privacy Policy outlines our rigorous practices and protocols designed to protect your information, emphasizing our dedication to privacy, security, and compliance with industry standards. Our objective is to maintain a secure and trustworthy environment for all our users.
Managed Services Vendors and Compliance
MagiCode leverages a suite of top-tier managed services vendors, each complying with stringent security standards, including SOC 2. Our choice of vendors reflects our unwavering commitment to security:
- Auth0: Ensures robust authentication processes.
- AWS: Hosts core services such as RDS, S3, and EC2, alongside secure logging capabilities.
- OpenAI, Anthropic & Gemini: Power our AI models for code generation. All three organizations have strict policies ensuring data security and privacy, and do not train their models on your data.
- GitHub: Provides a secure platform for managing commits and pull requests.
- PostHog: Tracks product analytics and user sessions.
These vendors are integral to safeguarding the integrity and security of our services, ensuring that your data is always in safe hands.
Data Collection and Use
While using our App, we may collect information related to your codebase, commits, GitHub tickets, pull requests (PRs), and PR comments. This data is essential to understand your interaction with our App and to continually improve our services. Specifics include:
- Code Storage: The code from GitHub is fetched at runtime and is not permanently stored on our servers. Instead, we store non-readable embeddings of the codebase, ensuring data privacy.
- AI Models and Data Handling: Our AI models, powered by OpenAI and Anthropic, are used for code generation. These providers do not use this data for training and retain it for only 30 days.
- Data Ownership: You retain full ownership of all data provided to and generated by the App. We use this data solely to power our products and enhance their functionality. Your data can be securely deleted upon request or post-subscription termination.
The collected data is used for:
- Automatically generating and modifying PRs.
- Providing valuable insights to improve the App.
- Monitoring App usage and addressing technical issues.
GitHub Access and Data Storage
To enable seamless operation and integration with your development workflow, MagiCode requires specific access to GitHub repositories. Here's an overview of how we handle this access:
- Read and Write Access: We have read access for gathering necessary data related to commits, pull requests (PRs), and other repository activities. Write access is utilized to facilitate the creation of pull requests, including file creation, branch creation, and commit generation.
- Data Handling: Your files are fetched at runtime, and we do not store any files permanently on our servers. We prioritize the integrity and confidentiality of your data at every step.
- Branch Protection Compliance: MagiCode fully respects and complies with GitHub's branch protection rules, ensuring that your code's security and workflow integrity are maintained:
  - No Direct Pushes to Protected Branches: MagiCode cannot directly push changes to your protected branches. Any modifications proposed by MagiCode are submitted through the standard pull request process.
  - Adherence to Review Processes: All changes made by MagiCode undergo your team's established pull request review process, upholding your project's governance, coding standards, and quality checks.
  - No Access to Modify Branch Protection Settings: MagiCode does not have the capability to modify or update your branch protection settings. This ensures that your repository's security configurations remain under your team's exclusive control.
- Secure Authentication: We use GitHub's recommended authentication method, ensuring secure and controlled access to your repositories. The necessary installation ID is stored securely, and we maintain detailed logs of all actions taken, which users can request to review.
Privacy Best Practices
Our dedication to securing customer data is evident in our adoption of industry-leading security practices:
- Secrets Management: AWS Secrets Manager is employed for robust secrets management.
- Network Segmentation: Separating web servers and databases enhances overall security.
- Data Retention: Customer data can be securely deleted upon request or post-subscription termination.
- Data Encryption: All REST API transmissions are HTTPS-protected, and we use TLS for data encryption.
- Cloud & Managed Infrastructure: Leveraging AWS infrastructure ensures robust data security.
- Access Control: Stringent access controls restrict data access to authorized personnel only.
- Real-time Surveillance: Continuous monitoring ensures immediate response to potential security threats.
- Comprehensive Logging: Detailed API call logs facilitate effective security analysis and auditing.
- Multi-Tenant Architecture: Ensures logical segregation and isolation of customer data.
- Third-Party Security Compliance: We partner with third-party services that meet our high standards for security and privacy.
- Data Privacy: We are committed to protecting customer data privacy and do not sell or share data for marketing purposes.
- Authentication Standards: We utilize OAuth 2.0 for secure user authentication.
Incident Response Plan
At MagiCode, we are prepared to swiftly and effectively address any security incidents to minimize impact and protect our users' data:
- Detection and Identification: Our systems are monitored continuously to detect and identify any potential security incidents promptly.
- Response Team: We have a dedicated incident response team that is trained and ready to respond to security incidents.
- Containment and Eradication: Upon detection of an incident, immediate steps are taken to contain and eradicate the threat, preventing further damage.
- Recovery: We implement recovery procedures to restore any affected services or data to full functionality.
- Notification: In the event of a significant breach, affected users will be notified promptly, in compliance with relevant laws and regulations.
- Post-Incident Analysis: After an incident, we conduct a thorough analysis to identify causes, learn from the event, and implement improvements to prevent future occurrences.
Our Incident Response Plan is reviewed and updated regularly to ensure its effectiveness in the face of evolving security threats.
User Control and Privacy
User autonomy over their data is a cornerstone of our policy:
- Account Deletion: Users can delete their accounts at any time, which leads to the complete deletion of their data from our servers and third-party services.
- Data Export: Users can request a comprehensive data export at any time.
- Email Addresses: If you connect a third-party ticketing service (e.g., Jira or Linear), we may fetch email addresses of users assigned to issues in order to sync them to GitHub users. We do not store this data; we fetch it at runtime as needed.
Communication and Policy Updates
Our commitment to transparency extends to how we communicate policy changes:
- Updates Notification: Any changes to our Privacy Policy will be posted on our website. We advise users to review the policy periodically for updates.
- Effective Dates: Changes are effective upon posting on our website.
User Feedback and Concerns
We at MagiCode value our users' feedback and are committed to addressing any security concerns they may have:
- Open Communication Channels: Users are encouraged to report any security concerns or vulnerabilities they may encounter through hello@magicode.ai.
- Feedback Review: All feedback and concerns are reviewed by our security team and are used to guide improvements in our security practices.
- User Collaboration: We believe in collaborating with our user community to enhance the security of our platform. Suggestions and feedback are not only welcomed but are an integral part of our security strategy.
- Transparency in Updates: When user feedback leads to changes or updates in our security practices or policy, we communicate these changes to all users to maintain transparency and trust.
Your voice is essential to us, and we are committed to ensuring that your experience with MagiCode is secure, reliable, and responsive to your needs.
Contact Information
For any inquiries or concerns regarding our Privacy Policy, please contact us at hello@magicode.ai.