Privacy Policy

Patchwork is committed to the highest level of data security and privacy for our users. If you have any additional questions regarding security, please reach out to leon@patchworklabs.ca and we will respond within 24 hours.

Data Storage and Security:

Patchwork minimizes the risk of data leaks using the following two principles: storing the least amount of data needed to provide great features and leveraging SAML SSO (single sign-on).

With regard to the first point, the only time Patchwork has access to your code is when a diagram is being generated. As soon as the diagram is generated, your code is automatically deleted from our system and never retrieved again for that diagram. Only diagram information (function names, file names, and connections) is stored in the database. Patchwork uses MongoDB to store this information, and MongoDB's security capabilities can be found on the MongoDB security page.

Second, by using GitHub's SAML SSO (single sign-on) we are able to leverage GitHub's robust security. Single sign-on systems allow companies like Patchwork to benefit from security infrastructure that large companies (Google, Meta, Microsoft) have developed and are constantly improving. Patchwork is a registered GitHub application and can be found on GitHub Marketplace. Patchwork follows GitHub's best practices and leverages protection with OAuth 2.0. Furthermore, users can manually select the repositories they want to give access to; this fine-grained control helps mitigate risks and data leaks.

Data Encryption:

Patchwork encrypts data using industry-standard encryption protocols, such as AES-256, to protect your information and profile from unauthorized access or theft.

AI Integration:

Patchwork leverages AI only when a user opts into the generation of function summaries for each individual project. The generated function summaries are stored in our database, displayed for each function node, and used for the Patchwork chat feature.

The code is automatically deleted once the summaries are generated. Patchwork uses OpenAI’s API platform for inference and embedding. Information about their security can be found at Enterprise Privacy at OpenAI. For inquiries on local AI model support, please email leon@patchworklabs.ca.

Patchwork utilizes the open-source vector database Qdrant to power the chat functionality. Their security protocols can be found on the Qdrant Security Policy page.

Certification:

Patchwork is currently in the process of becoming SOC 2 Type II compliant. Patchwork is striving to align with prevailing and future industry standards, ensuring security is constantly up to par.

Deletion of Customer Data:

At any time, a customer can request that their data be deleted from the Patchwork systems. This includes the deletion of generated diagrams, function summaries, and any other user-related data. It may take up to 7 days from the time of request for data to be deleted from the Patchwork system.