Security

Our Commitment to Security

ThinkingSDK takes the security of your code and runtime data seriously. While we're an early-stage product, we implement industry-standard security practices and are transparent about our current security posture.

What Data We Access

To provide debugging insights and AI-powered fixes, ThinkingSDK collects:

  • Runtime exceptions and stack traces
  • Local variable values and execution context
  • Relevant portions of your source code
  • System information (OS, Python version, dependencies)

We do not collect or access:

  • Credentials, API keys, or secrets from your code
  • Your entire codebase (only relevant files around exceptions)
  • Data unrelated to debugging and error analysis

Data Protection

Encryption

  • In Transit: All data is transmitted over HTTPS with TLS 1.2+
  • At Rest: Data is stored on encrypted cloud infrastructure

Authentication

  • API Keys: Hashed using bcrypt before storage (we never store plaintext keys)
  • Session Tokens: Time-limited tokens with automatic expiration
  • Access Control: Each organization's data is isolated from others

Data Storage

  • Hosted on secure cloud infrastructure with industry-standard protections
  • PostgreSQL database with role-based access controls
  • Regular automated backups
  • Data retention policies (90 days for events, configurable)

How We Handle Your Code

Your source code is treated with the highest level of care:

  • Limited Access: Only code relevant to exceptions is analyzed
  • No Training: Your code is never used to train AI models accessible to other customers
  • No Sharing: We never sell, share, or publicly disclose your code
  • AI Processing: Code analysis uses third-party AI services (OpenAI, Anthropic) with anonymized context where possible

Application Security

Secure Development

  • Code reviews for all changes
  • Dependency scanning for known vulnerabilities
  • Regular updates to third-party libraries

Infrastructure

  • Cloud hosting with automated security patches
  • Firewalls and network isolation
  • Rate limiting to prevent abuse
  • Monitoring and logging of suspicious activity

Responsible Disclosure

If you discover a security vulnerability in ThinkingSDK, please report it responsibly:

Email: security@thinkingsdk.ai

Please include:

  • Description of the vulnerability
  • Steps to reproduce (if applicable)
  • Potential impact
  • Your contact information

We commit to:

  • Acknowledging your report within 48 hours
  • Investigating and providing updates on our findings
  • Crediting you for the discovery (if desired) after the issue is resolved

Please do not:

  • Publicly disclose the vulnerability before we've had a chance to address it
  • Access or modify data that doesn't belong to you
  • Perform actions that could harm our service or users

Compliance and Certifications

ThinkingSDK is currently in early-stage development. We implement security best practices and comply with applicable data protection regulations (GDPR, CCPA) as described in our Privacy Policy.

As we grow, we plan to pursue formal security certifications including SOC 2 Type II based on customer demand.

Data Breach Response

In the event of a security incident affecting your data:

  • We will notify affected users within 72 hours of discovery
  • We will describe the nature and scope of the incident
  • We will explain steps taken to mitigate and prevent recurrence
  • We will report to relevant authorities as required by law

Questions and Contact

For security-related questions or concerns, please contact:

Security Issues: security@thinkingsdk.ai

General Inquiries: contact@thinkingsdk.ai

We believe in transparency about our security practices. As an early-stage product, we're continuously improving our security posture and welcome feedback from the security community.