Privacy, Security & Your Data
From day 1 of building Pieces for Developers, we've had a first principle that everything is local first and built with speed, privacy, security, and offline-productivity in mind.
We also know that our partners operate in highly secure and sensitive environments, and we want to be prepared to operate in such environments (HIPAA, SOC 2, FERPA/COPPA, etc.). That being said, we can't tell you how happy we are that we have stayed true to this philosophy for cases just like yours!
We are SOC 2 Compliant 🔒
SOC 2 is a prestigious benchmark in the tech industry, especially important for companies like ours. It verifies that we meet strict organizational controls and practices, enhancing our credibility and trustworthiness in the market.
This achievement is a collective triumph for our team, reflecting our dedication to maintaining a secure and reliable service. It's an essential step forward in our mission to provide world-class developer tools.
Request our SOC 2 Report
Our Machine Learning Models
Pieces has our own internal ML models that we use to power some of our features. We have a few different models, and they are all built with privacy and security in mind.
Our ML models are designed to function entirely offline and on-device, eliminating the need for internet connectivity. This is possible by opting out of blended processing, as the models are integrated within the application's binary, ensuring seamless operation without requiring an internet connection.
If you have not opted out of blended processing, then some of the models will offload computation to the cloud. A few of our models are only available in the cloud, but we are working on making them local.
This table shows which models are available locally and which will use cloud compute unless processing is set to local.
Model | Local | Blended |
---|---|---|
Code vs Text | ✅ | ✅ |
Coding language classification | ✅ | ✅ |
Code Similarity | ✅ | ❌ |
Description Generation | ✅ | ✅ |
Framework Detection | ✅ | ✅ |
Image to text (OCR) | ✅ | ✅ |
Link Extraction | ✅ | ❌ |
Neural Code Search | ✅ | ❌ |
Related Links | 🚧 | ✅ |
Suggested tags from tags | ✅ | ❌ |
Suggested Save | ✅ | ❌ |
Snippet Discovery | ✅ | ❌ |
Secret Detection | ✅ | ✅ |
Search Queries | 🚧 | ✅ |
Tag Generation | ✅ | ✅ |
Title Generation | ✅ | ✅ |
Our ML models are not trained continuously. They do not train on your data as you use the product.
Live Context
The Live Context feature in Pieces enhances the functionality of the Pieces Copilot by utilizing our proprietary Workstream Pattern Engine (WPE). This feature is designed with privacy and efficiency in mind, ensuring that all data processing and storage occur locally on your device.
How Live Context Works
- On-Device Processing and Storage: All WPE algorithms, processing, and storage take place directly on your device. This ensures that your data remains secure and private, without being transmitted over the internet unless necessary.
- Querying Local Data: When Live Context is enabled and you ask the Copilot a question, the system queries data aggregated from the WPE. This data is processed entirely on your device to find content that is relevant to your query.
- Utilizing Retrieval-Augmented Generation (RAG) for Contextual Relevance: The relevant content identified by the WPE is then used as context for the Copilot prompt.
- Interaction with Language Models (LLM):
  - Cloud LLM: If you are using a cloud-based LLM, the data identified as relevant is sent to the cloud LLM for processing.
  - Local LLM: If you are using a local LLM, the data remains on your device, ensuring that all processing happens locally without any data leaving your device.
Our ML models are designed to function entirely offline and on-device, eliminating the need for internet connectivity. This is possible by opting out of blended processing, as the models are integrated within the application's binary, ensuring seamless operation without requiring an internet connection. We do not train our models continuously on your data.
The data that we do collect is completely anonymous and highly secure. We also know that our partners operate in highly secure and sensitive environments, and we want to be prepared to operate in such environments (HIPAA, SOC 2, FERPA/COPPA, etc.).
Privacy Recommendations
For users concerned about privacy, we strongly recommend using a Local LLM with the Pieces Copilot. Options include Mistral, Phi, and Llama, among other powerful local models. Using a local LLM ensures that all data and processing remain on your device, providing an additional layer of security and privacy.
Performance Note
Please note that results may vary depending on the selected LLM. Each model has its strengths and capabilities, which can influence the effectiveness of the Live Context feature.
Saving Code Snippets in the Cloud
The Pieces cloud is entirely opt-in. Authentication is managed by our enterprise-ready authentication partners at Auth0 (now owned by Okta).
Even when a user signs in, they do not have a cloud until they specifically connect it in their settings.
If a user opts into the cloud, the data is only uploaded when something is shared.
When you click the "Share" icon and create a shareable link, only then is the snippet uploaded and accessible via the cloud.
Finally, a note on cloud architecture for the things that are backed up:
- There is no centralized database; each user has their own micro-database
- There are no centralized or shared servers
- Each user has their own Cloud Run instance, with their own unique subdomain and their own micro load balancer
Every user's cloud scales up and down completely independently of other users. The cloud is only running when a shared snippet is being accessed, backed up, or updated, and we can easily port our Docker images over to an existing "Panasonic Cloud" if needed.
Telemetry & Crash Data
Most importantly, all data collection is opt-out, and we give all the control to our users.
The data that we do collect is completely anonymous and highly secure.
Why do we collect data?
Long story short, we're an early-stage startup and the data helps us to report on overall growth and hopefully earn more funding to continue building amazing products for our users.
Here are some screenshots of Telemetry opt-outs from the Pieces products:
- Pieces for Developers Desktop App
- Pieces for IntelliJ
- Pieces for VS Code
- Pieces for Chrome
If you have any other questions about privacy and security, please reach out! We want to make choosing Pieces as easy for you as possible.