From 32890fec207d45fce182cd15d444f4942921d6f7 Mon Sep 17 00:00:00 2001
From: Hussam Lawen <hussam789@gmail.com>
Date: Wed, 5 Feb 2025 14:03:32 +0200
Subject: [PATCH] Create SECURITY.md

---
 SECURITY.md | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..cafcabf8
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,16 @@
+# Security Policy
+
+## Qodo Merge 💎 (SaaS)
+* When using Qodo Merge💎, hosted by Qodo, we will not store any of your data, nor will we use it for training. You will also benefit from an OpenAI account with zero data retention.
+
+* For certain clients, Qodo Merge will use Qodo’s proprietary models. If this is the case, you will be notified.
+
+* No passive collection of Code and Pull Requests’ data — Qodo Merge will be active only when you invoke it, and it will then extract and analyze only data relevant to the executed command and queried pull request.
+
+## Qodo Merge 💎 (Self-hosted)
+* If you self-host PR-Agent with your OpenAI (or other LLM provider) API key, it is between you and the provider. We don't send your code data to Qodo servers.
+
+## Qodo Merge Chrome extension
+
+* The Chrome extension will not send your code to any external servers.
+* For private repositories, we will first validate the user's identity and permissions. After authentication, we generate responses using the existing Qodo Merge integration.