Security & Privacy
Ellipsis is SOC 2 Type 1 certified, and it never stores your code or uses your code for model training.
General
Ellipsis takes the security of your code very seriously.
Our services are hosted on AWS. The security model of AWS is extensively documented here.
Our LLM providers (OpenAI/Azure OpenAI) do not use data from API requests to train models. You can find their policies here: OpenAI, Azure OpenAI.
We use PromptLayer for logging LLM requests to allow our engineers to provide production support.
SOC 2 Type 1 Certification
Ellipsis is SOC 2 Type 1 compliant.
For reference, SOC 2 is an industry standard for security compliance. It requires organizations to establish extensive security guidelines and policies, and obtain certification through a thorough third-party audit.
To request a copy of our report, please contact us.
Opting out of logging
If you want to opt out of all logging (internal and to PromptLayer), you can disable it in the Settings page of app.ellipsis.dev, or add the following line to your ellipsis.yaml configuration:
version: 1.3
settings:
third_party_logging_enabled: false
Note that this will restrict our ability to provide you support.
On-premise deployments
Contact us if you are interested in deploying Ellipsis in your own AWS, GCP, or Azure account.
Code generation
For code generation workflows with a Dockerfile, Ellipsis checks out your project on our servers in AWS, where code is automatically deleted when workflows are completed, and never persisted between workflows. Our servers run in a private VPC with security group rules that prevent unwanted access.
Vulnerability Disclosure Program
For reporting vulnerabilities, please see our vulnerability disclosure program.