Ellipsis takes the security of your code very seriously.

  • Hosting: Our services are hosted on AWS. The security model of AWS is extensively documented here.
  • LLM Providers: Our LLM providers (OpenAI/Azure OpenAI) do not use data from API requests to train models. You can find their policies here: OpenAI, Azure OpenAI.
  • Logging: We use PromptLayer for logging LLM requests to allow our engineers to provide production support. You can opt out of logging by disabling it in the Settings page on the web app.

SOC 2 Type 1

Ellipsis is SOC 2 Type 1 compliant. For reference, SOC 2 is an industry standard for security compliance. It requires organizations to establish extensive security guidelines and policies and obtain certification through a thorough third-party audit.

To request a copy of our report, please contact us.

Code Generation

For code generation workflows with a Dockerfile, Ellipsis checks out your project on our servers in AWS, where code is automatically deleted when workflows are completed and never persisted between workflows. Our servers run in a private VPC with security group rules that prevent unwanted access.

Vulnerability Disclosure Program

We take the security of our systems seriously and appreciate the efforts of security researchers who help us improve our security posture. If you believe you have found a security vulnerability in our systems, we encourage you to disclose it to us in a responsible manner.

Disclosure Policy

Make a good faith effort to avoid data destruction, privacy violations, and interrupting or degrading services. Report vulnerabilities to help@ellipsis.dev.

Safe Harbor

We will not pursue legal action against researchers who make a good faith effort to follow this VDP.

Bug Bounty Program

Regretfully, at this time we do not offer a bug bounty pool.