Security
Koder.ai is built with security-by-design so teams can ship AI-powered applications without compromising on data protection, governance, or compliance.
This page provides a high-level overview of how we think about security across the platform. For legal details, please review our Terms of Use and Privacy Policy.
Data security
All access to the Koder.ai web application and APIs is encrypted in transit over HTTPS using modern TLS. We strongly encourage customers to access Koder only over secure networks and to enable multi-factor authentication and passkeys where available.
Projects live inside workspaces and organizations, which helps separate data between teams and environments. Workspace privacy and data collection controls let you configure how projects, telemetry, and support access are handled for your organization.
Application security & access control
Koder includes enterprise-grade controls such as role-based access, organization and project-level permissions, and environment protections so you can decide who can view, edit, and deploy code.
- Fine-grained roles at the organization, workspace, and project level
- Audit trails for key actions where available in the product
- Support for modern authentication flows and SSO in enterprise plans
Logging, monitoring, and reliability
We collect logs and operational metrics from core services to help detect issues, investigate incidents, and improve reliability. Our infrastructure is designed with redundancy in mind so that individual component failures do not bring down the entire service.
Secrets and configuration
Applications often depend on API keys and other credentials. Koder encourages you to manage these as environment configuration rather than hard-coding secrets in source code. This reduces the risk of accidental exposure in repositories or generated artifacts.
Shared responsibility
Security on Koder is a shared responsibility. We manage and secure the underlying platform and infrastructure; you are responsible for securing the applications you build, the data you connect, and the integrations you configure.
- We operate, monitor, and secure the core services that power the editor, AI models, and hosting.
- You define who can access your workspaces, what external systems you connect, and how your applications handle end-user data.
Payments and PCI
We use Stripe to process and store payment details, which means we never directly handle them. Stripe is a PCI Level 1 Certified payment processor, which is the most stringent level of certification available in the payments industry.
Read more about security at Stripe
Reporting security issues
If you believe you have found a security vulnerability or have concerns about account security, please use the "Report security issue" option on our contact page. Include as much detail as you can (affected project, steps to reproduce, logs or screenshots where possible) so we can investigate and respond quickly.