Security is foundational to Vycode. This document details the encryption, isolation and audit practices behind every completion.
Last updated · February 2026
§ 01
Our commitment.
At Vycode, security is foundational to everything we build. As a tool that interacts with your codebase, we understand the critical importance of protecting your intellectual property and data.
§ 02
Infrastructure security.
Encryption in transit · All communications between the VS Code extension and our servers use TLS 1.3 encryption.
Encryption at rest · All stored data is encrypted using AES-256 encryption.
Cloud infrastructure · We use enterprise-grade cloud providers with SOC 2 Type II certification.
Network security · Our infrastructure is protected by WAF, DDoS mitigation, and network segmentation.
§ 03
Code privacy.
No code storage · Code snippets sent for AI completions are processed in real-time and never stored beyond the request lifecycle.
Minimal context · We send only the minimum necessary context to AI providers for each completion request.
No training · Your code is never used to train or fine-tune any AI models.
Provider isolation · Each AI model provider receives requests independently with no cross-provider data sharing.
§ 04
Authentication & access.
API keys · All API communications are authenticated using secure token-based authentication.
Session management · Sessions are securely managed with automatic expiration and rotation.
Team permissions · Enterprise plans include role-based access control (RBAC) for team management.
§ 05
Compliance & auditing.
Regular third-party security audits and penetration testing
Comprehensive audit logging for all API access
Incident response procedures with 24-hour notification commitment
GDPR-compliant data handling practices
§ 06
Vulnerability reporting.
If you discover a security vulnerability, please report it responsibly to security@vycode.ai. We commit to acknowledging reports within 24 hours and providing a resolution timeline within 72 hours.