Subprocessors

To deliver the Services, Codity engages vetted third-party subprocessors that may process Customer Data on our behalf. Each subprocessor is bound by contractual data protection terms and assessed through vendor risk review. This page is maintained alongside our Privacy Policy and Record of Processing Activities.

Infrastructure & hosting

• Amazon Web Services (AWS) — Primary application hosting, storage, and data processing, with encryption at rest (AES-256).

AI model providers

• OpenAI — Large language model inference used to perform code reviews. Customer Data is not used to train OpenAI models.
• Anthropic — Large language model inference used to perform code reviews. Customer Data is not used to train Anthropic models.

Operational service providers

• Email & communications — Transactional and marketing email delivery for account, support, and product communications.
• Product analytics & monitoring — Grafana for usage analytics, performance monitoring, and error reporting used to operate and improve the Services.

How we manage subprocessors

• Subprocessors are assessed through vendor risk review before they process Customer Data.
• Each subprocessor is bound by a data processing agreement and appropriate transfer safeguards (such as SCCs).
• Customer Data shared with subprocessors is limited to what is necessary to provide the Services.
• To request advance notice of changes to this list, or for the transfer mechanisms applied to a specific subprocessor, email privacy@codity.ai.

This list is reviewed regularly and updated when we add or remove a subprocessor. Material changes are reflected in the "Last updated" date above.