# Security Policy

## Qodo Merge 💎 (SaaS)
* When using Qodo Merge💎, hosted by Qodo, we will not store any of your data, nor will we use it for training. You will also benefit from an OpenAI account with zero data retention.

* For certain clients, Qodo Merge will use Qodo’s proprietary models. If this is the case, you will be notified.

* No passive collection of Code and Pull Requests’ data — Qodo Merge will be active only when you invoke it, and it will then extract and analyze only data relevant to the executed command and queried pull request.

## Qodo Merge 💎 (Self-hosted)
* If you self-host PR-Agent with your OpenAI (or other LLM provider) API key, it is between you and the provider. We don't send your code data to Qodo servers.

## Qodo Merge Chrome extension

* The Chrome extension will not send your code to any external servers.
* For private repositories, we will first validate the user's identity and permissions. After authentication, we generate responses using the existing Qodo Merge integration.