Privacy and security in AI Architect

Your code stays yours — understand how Bito protects your data

Security and privacy are fundamental to how Bito's AI Architect operates. Bito doesn't store your code and we don't use your code for AI model training.

This document explains how AI Architect handles your code and data across different deployment modes.

Code storage: Bito-hosted vs. Self-hosted

The way AI Architect handles your code depends on your deployment choice:

Bito-hosted AI Architect

Your code is not stored on Bito's servers.

When you use Bito-hosted AI Architect, Bito stores only summaries and indexes of your code — not the code itself. These indexes help AI Architect understand your repository structure, key functionalities, service calls, design patterns, variable naming conventions, and architectural relationships across microservices.

How it works:

  • AI Architect analyzes your code to build a knowledge graph

  • Only metadata and summaries are stored on Bito's servers (e.g., "this repo contains authentication services," "this module calls these other services")

  • The actual code is never persisted in Bito's cloud

When code access is needed:

  • If you ask a question that requires viewing actual code, AI Architect authenticates with your Git provider using your credentials

  • It fetches the specific file on-demand

  • Extracts the necessary information

  • Passes it back to you through the MCP server

  • The code is not retained after the request

Code caching

For performance optimization, Bito temporarily caches individual code files for up to 10 minutes during analysis. You have full control over this behavior — you can configure the cache duration or disable caching entirely through your settings.

Self-hosted AI Architect

Your code remains entirely in your data center.

When you deploy AI Architect on-premises in your own infrastructure, all code and indexes are stored locally. Bito receives no code or code-related information. We only receive anonymous metadata about usage to confirm the product is working properly — no details about what your code does or contains.

Performance considerations

Bito-hosted AI Architect adds a few seconds to requests that require actual code access because the code must be fetched on-demand from your Git provider. This slight latency is the trade-off for keeping your code off Bito's servers. In practice, this difference is not material to user experience.

Code security and encryption

  • All requests to and from AI Architect are transmitted over HTTPS and fully encrypted

  • Your Git credentials are used only to authenticate and fetch code when needed

  • Code accessed during analysis is handled securely and not logged or stored beyond the temporary cache window

No AI model training

Your code is never used for AI model training. Bito doesn't train on, learn from, or retain any of your code snippets or queries for model improvement purposes.

Privacy and third parties

Bito uses leading AI providers (such as Anthropic and OpenAI) via their APIs to power AI Architect features. None of your code or AI requests are stored by these partners. All AI providers we work with maintain commitments to not use API data for model training or retain user data beyond the immediate request processing.

Metadata and usage analytics

To ensure AI Architect is working correctly and to improve the product, Bito collects:

  • Anonymous usage metrics

  • Feature usage statistics

  • Error logs (without code content)

This information helps us understand how AI Architect is being used and identify areas for improvement.

Compliance and certifications

Bito maintains SOC 2 Type II compliance and follows industry-leading security practices. For detailed information about our security posture and certifications, visit our Trust Center.

For our full privacy practices, see our Privacy Policy.

Questions?

If you have questions about how AI Architect handles your code or data, contact the Bito team at [email protected]. We're committed to transparency about security and privacy practices.
