Privacy and security
Bito doesn't read or store your code. Nor do we use your code for AI model training.
Last updated
Was this helpful?
Bito doesn't read or store your code. Nor do we use your code for AI model training.
Last updated
Was this helpful?
This document explains some of Bito's privacy and security practices. Our outlines our various accreditations (SOC 2 Type II) and our various security policies. You can read our full Privacy Policy at .
Security is top of mind at Bito, especially when it comes to your code. A fundamental approach we have taken is to allow you to decide where you want to store your code, either locally on your machine, in your cloud, or on Bito’s cloud (coming soon). We do not store any code, code snippets, indexes or embedding vectors on Bito’s servers unless you expressly allow that. Importantly, our AI partners do not store any of this information.
All requests are transmitted over HTTPS and are fully encrypted.
None of your code or AI requests are used for AI model training. None of your code or AI requests are stored by our AI partners. Our AI model partners are OpenAI, Anthropic, and Google. Here are their policies where they state that they do not store or train on data related to API access (we access all AI models via APIs):
OpenAI:
Anthropic:
Google Cloud: (5th paragraph)
The AI requests including code snippets you send to Bito are sent to Bito servers for processing so that we can respond with an answer.
Interactions with Bito AI are auto-moderated and managed for toxicity and harmful inputs and outputs.
Any response generated by the Bito IDE AI Assistant is stored locally on your machine to show the history in Bito UI. You can clear the history anytime you want from the Bito UI.
Bito is SOC 2 Type II compliant. This certification reinforces our commitment to safeguarding user data by adhering to strict security, availability, and confidentiality standards. SOC 2 Type II compliance is an independent, rigorous audit that evaluates how well an organization implements and follows these security practices over time.
Our SOC 2 Type II compliance means:
Enhanced Data Security: We consistently implement robust controls to protect your data from unauthorized access and ensure it remains secure.
Operational Excellence: Our processes are designed to maintain high availability and reliability, ensuring uninterrupted service.
Regular Monitoring and Testing: We conduct continuous monitoring and regular internal reviews to uphold the highest security standards.
This certification is an assurance that Bito operates with a high level of trust and transparency, providing you with a secure environment for your code and data.
When you use the self-hosted/docker version that you have setup in your VPC, in the docker image Bito checks out the diff and clones the repo for static analysis and also to determine relevant code context for code review. This context and the diff is passed to Bito's system. The request is then sent to a third-party LLM (e.g., OpenAI, Google Cloud, etc.). The LLM processes the prompt and return the response to Bito. No code is retained by the LLM. Bito then receives the response, processes it (such as formatting), and returns it to your self-hosted docker instance. This then posts it to your Git provider. However, the original query is not retained, nor are the results. After each code review is completed, the diff and the checked out repo are deleted.
If you use the Bito cloud to run the AI Code Review Agent, it runs similarly to the self-hosted version. Bito ephemerally checks out the diff and clones the repo for static analysis and to determine the relevant code context for code review. This context and the diff is passed to Bito's system. The request is then sent by Bito to a third-party LLM (e.g., OpenAI, Google Cloud, etc.). The LLM processes the prompt and return the response to Bito. No code is retained by the LLM. Bito then receives the response, processes it (such as formatting), and posts it to your Git provider. However, the original query is not retained, nor are the results. After each code review is completed, the diff and the checked out repo are deleted.
When we receive an AI request from a user, it is processed by Bito's system (such as adding relevant context and determining the Large Language Model (LLM) to use). However, the original query is not retained. The request is then sent to a third-party LLM (e.g., OpenAI, Google Cloud, etc.). The LLM processes the prompt and return the response to Bito. Bito then receives the response, processes it (such as formatting), and returns it to the user’s machine.
For enterprises, we have the ability to connect to your own private LLM accounts, including but not limited to OpenAI, Google Cloud, Anthropic, or third-party services such as AWS Bedrock, Azure OpenAI. This way all data goes through your own accounts or Virtual Private Cloud (VPC), ensuring enhanced control and security.
Our data retention policy is carefully designed to comply with legal standards and to respect our customers' privacy concerns. The policy is categorized into four levels of data:
Relationship and Usage Meta Data: This includes all data related to the customer's interaction with Bito, such as address, billing amounts, user account data (name and email), and usage metrics (number of queries made, time of day, length of query, etc.). This category of data is retained indefinitely for ongoing service improvement and customer support.
Bito Business Data: Includes customer-created templates and settings. This data is terminated 90 days after the end of the business relationship with Bito.
Confidential Customer Business Data: This includes code, code artifacts, and other organization-owned data such as Jira, Confluence, etc. This data is either stored on-prem/locally on the customer’s machines, or, if in the cloud, is terminated at the end of the business relationship with Bito.
AI Requests: Data in an AI request to Bito’s AI system. AI requests are neither retained nor viewed by Bito. We ensure the confidentiality of your AI queries; Bito and our LLM partners do not store your code, and none of your data is used for model training. All requests are transmitted via HTTPS and are fully encrypted.
Bito uses the following third-party services: Amazon AWS, Anthropic, Clearbit, Github, Google Analytics, Google Cloud, HelpScout, Hubspot, Microsoft Azure, Mixpanel, OpenAI, SendGrid, SiteGround, and Slack for infrastructure, support, and functional capabilities.
Bito follows industry standard practices for protecting your e-mail and other personal details. Our password-less login process - which requires one-time passcode sent to your e-mail for every login - ensures the complete security of your account.
For any further questions regarding our SOC 2 Type II compliance or to request a copy of the audit report, please reach out to
In line with Bito's commitment to transparency and adherence to data privacy standards, our comprehensive data and business privacy policy is integrated into our practices. Our complete Terms of Use, including the Privacy Policy, are available at , with our principal licensing information detailed at .
If you have any questions about our security and privacy, please email