Permissions

We recognize the importance of safeguarding your source code and the trust you place in us. In addition to following industry standard security practices, we only request the minimal permissions necessary to perform the functions you utilize. We take great pains to avoid having your source code touch our infrastructure unless absolutely necessary for the functionality you request.

Code Reviews

To conduct code reviews on CodePeer, we request read-only access to your desired repositories. When you perform a code review, your browser retrieves the source code directly from the source control platform. For basic code review functionality, your source code never touches our servers.

Merging Pull Requests

For those who wish to merge pull requests directly from CodePeer, we need to request additional permissions to perform this action. We offer a companion application to enable merging. This application is entirely optional and designed to offer convenience to users who are comfortable granting the necessary permissions.

AI Functionality

Certain advanced AI features — like automated pull request summaries, AI-driven code reviews, the pull request chat bot, etc. — require temporary access to your source code if you wish to use them. Code accessed for this purpose is held in memory only, never written to disk, and is deleted after the response is generated.

Since AI functionality is the only time your code touches our servers, it must be explicitly enabled by an organization administrator before it can be used.