Data Protection
Strong encryption, disciplined data handling, and resilient backups across the entire lifecycle of your data.
Overview
Codexium’s data protection program safeguards client information from collection to deletion. We combine strong cryptography, hardened infrastructure, and disciplined engineering practices so that sensitive data remains confidential, intact, and available only to authorized users.
Scope
- Source code, configuration, and CI/CD artifacts.
- Application data in databases and object storage.
- Identity data such as user accounts and API keys.
- Operational data including backups and logs.
Encryption Standards
- In transit: All traffic between clients, Codexium, and cloud services is protected with TLS using modern cipher suites, with HSTS enabled where appropriate.
- At rest: Databases, object storage, and volumes are encrypted with strong algorithms (e.g., AES-256) using cloud-native encryption and key management capabilities.
- Secrets management: Credentials, API keys, and certificates are stored in dedicated secrets managers. Direct storage in source code or configuration files is prohibited.
Data Classification & Handling
Codexium uses a simple but strict classification model:
- Public – marketing content and public documentation.
- Internal – internal operations data.
- Confidential – client data, source code, and contractual information.
- Restricted – highly sensitive secrets and security artifacts with strict access controls.
For each class we define where it may be stored, who may access it, and which protections are required. Engineers are trained to apply the correct classification from the start of every engagement.
Backups & Resilience
- Automated encrypted backups for all production data stores.
- Retention policies aligned with client and regulatory needs.
- Periodic restore tests to verify backup integrity.
- Multi-zone or multi-region redundancy where business continuity requires it.
Shared Responsibilities
Client
- Define which datasets Codexium will process and their sensitivity.
- Control access for their internal users and third parties.
- Provide regulatory requirements or contractual constraints.
Codexium
- Implement and maintain encryption, access control, monitoring, and backup policies.
- Ensure engineers use approved tools and secure channels.
- Review access to data stores and secrets regularly.
Cloud Provider
- Secure physical data centers and base infrastructure.
- Provide encrypted storage and key management primitives.