LobsAI

Security at LobsAI Coder

Your security and privacy are our top priorities. Learn about our comprehensive security practices.

Security Overview

End-to-End Encryption

All communications secured with TLS 1.3

Zero Data Retention

Your code is never stored on our servers

Local Processing

All file operations happen locally on your machine

Secure API Integration

Direct, encrypted connections to AI providers

Regular Security Audits

Continuous monitoring and penetration testing

Compliance

SOC 2, GDPR, and CCPA compliant

Vulnerability Disclosure Policy

We take security vulnerabilities seriously. Report any issues to security@lobsaicoder.com.

What to include in your report:

  • Description of the vulnerability
  • Steps to reproduce
  • Proof of concept (if applicable)
  • Your contact information
  • Suggested remediation (optional)

Responsible Disclosure Timeline

  1. Day 0: Initial Report. You submit a vulnerability report.
  2. Within 24hrs: Acknowledgment. We acknowledge receipt of your report.
  3. Within 3 Days: Initial Assessment. We assess the severity and scope.
  4. Within 7 Days: Detailed Response. We provide a detailed response and timeline.
  5. 30-90 Days: Remediation & Disclosure. Fix deployed and coordinated disclosure.

Security Best Practices

API Key Management

  • Use environment variables for API keys
  • Rotate keys regularly
  • Never commit keys to version control
  • Use separate keys for development/production
  • Monitor key usage for anomalies

Extension Security

  • Keep the extension updated
  • Review tool approvals carefully
  • Use human-in-the-loop mode
  • Enable telemetry opt-out if desired
  • Report suspicious behavior immediately

Code Privacy

  • Review what context is sent to AI providers
  • Use local models for sensitive code
  • Understand provider data policies
  • Minimize shared context when possible
  • Use .lobsaiignore for sensitive files

Bug Bounty Program

Help us make LobsAI Coder more secure and get rewarded.

In Scope

  • LobsAI VS Code Extension
  • LobsAI API
  • lobsaicoder.com Website
  • Documentation Site

Rewards

  • Critical: $500 – $2,500
  • High: $250 – $1,000
  • Medium: $100 – $500
  • Low: $50 – $250

Compliance & Certifications

  • SOC 2 Type II: Compliant
  • GDPR: Compliant
  • CCPA: Compliant
  • ISO 27001: In Progress (Q2 2026)

Security Contact

Urgent Security Issue?

For critical vulnerabilities requiring immediate attention, email security@lobsaicoder.com with "URGENT" in the subject line.

Last Updated: November 3, 2025