Security & Trust

codelace is built with security at every layer. Here is how the infrastructure protects your data and transactions.

Transport encryption

All traffic between your application and the codelace API is encrypted with TLS. Inference payloads are transmitted over secure connections with no plaintext data in transit.

Infrastructure isolation

Inference requests execute in isolated compute environments. Each request is sandboxed with no cross-tenant data visibility.

Request logging

codelace stores request and billing records needed to operate the service, including usage metadata and account history. Request content and outputs may also be logged for routing, billing, debugging, abuse prevention, and support. Avoid sending sensitive information unless it is necessary for your use case.

Authentication

Users authenticate via email OTP — no passwords are stored. API keys are scoped per-account with the cl_ prefix. OTP codes are SHA-256 hashed, limited to 5 attempts, and expire after 10 minutes.

Payment security

All payments are processed through Stripe. Card details are never stored on our servers. Billing history and transaction metadata are available through your dashboard.

No vendor lock-in

codelace uses the standard OpenAI-compatible API format. Move to or from codelace by changing two environment variable. No proprietary SDK, no lock-in.