// Trust & Security Report
Aider (Aider AI LLC, US-based, open-source, founded 2023 by Paul Gauthier)
Open-source terminal-based AI pair programming tool with BYOK (Bring Your Own Key) architecture. Works with multiple LLM providers (Claude, OpenAI, DeepSeek, local Ollama) via LiteLLM middleware. Code sent to user-configured LLM providers, not Aider servers.
Certifications held
0
Maturity
Growth
Trains on your data
No
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
> Show 10 unconfirmed / not-held certifications
source: codegen.comNo SOC 2 certification and no enterprise compliance documentation.
source: codegen.comNo SOC 2 certification and no enterprise compliance documentation.
source: aider.chatNo public evidence or documentation of ISO 27001 certification.
source: aider.chatNo public evidence of ISO 27017 certification.
source: aider.chatNo public evidence of ISO 27018 certification.
source: aider.chatPrivacy policy states 'Our Services are hosted in the United States and intended for visitors located within the United States.' No formal GDPR compliance certification or DPA framework documented.
source: aider.chatNo public evidence of ISO 42001 or AI-specific governance certification.
source: aider.chatNo CSA STAR certification or Cloud Security Alliance membership evident.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Not offered
Data region
United States (services hosted in US, intended for US visitors; may transfer data internationally for storage/processing)
Aider does NOT train on customer data. Code is sent directly to user-configured LLM providers, not to Aider servers. Aider's analytics documentation explicitly states: 'Aider respects your privacy and never collects your code, chat messages, keys or personal info.' Analytics collection is opt-in and anonymous (UUID4-based).
// Security controls
Encryption in Transit
Not explicitly documented; assumed HTTPS for web communications. Code sent to LLM providers via their respective secure channels.
aider.chatEncryption at Rest
Not explicitly documented. Code stored locally in user's Git repository; analytics data hosted in US.
aider.chatCode Handling
BYOK (Bring Your Own Key) architecture. Code sent directly to user-configured LLM providers (Claude, OpenAI, DeepSeek, local Ollama) via LiteLLM middleware. NOT sent to Aider servers.
aider.chatCredential Management
API keys stored in .env files on user's local machine. Users maintain control of credentials.
aider.chatOpen Source Audit Trail
Fully open-source on GitHub (44K stars, 6.8M installs). Code is publicly auditable.
github.comFormal Security Policy
NO. No SECURITY.md file or formal vulnerability disclosure process on GitHub.
github.comThird-Party Security Audit
None documented. No SOC 2, ISO, or other independent audits published.
aider.chatAnalytics Collection
Opt-in (default disabled). Anonymous UUID4-based identifiers. Collects: LLM usage, token counts, feature usage, errors. NEVER collects code, chat messages, keys, or personal info.
aider.chat// Products & data scope
data: Code files in user's local repository, LLM API requests/responses (sent to user-configured LLM provider, not Aider). Optional anonymous analytics.
Open-source CLI tool. BYOK architecture ensures code and credentials remain user-controlled. Works with local models (Ollama) or cloud LLMs (Claude, OpenAI, DeepSeek). Git-aware; creates atomic commits for each change.
// What to watch
- IDENTITY CONFUSION RISK: Two different 'Aider' companies exist. aider.ai is an Auckland, New Zealand accounting/advisory software company (founded 2018, acquired by Karbon on 30 Sept 2025). aider.chat is Aider AI LLC, a US-based open-source coding tool (founded 2023 by Paul Gauthier). These are NOT the same entity. The aider.ai terms of service are for accounting software, NOT the aider.chat coding tool.
- NO FORMAL SECURITY POLICY: GitHub repository lacks SECURITY.md file and no formal vulnerability disclosure process.
- NO ENTERPRISE CERTIFICATIONS: Zero SOC 2, ISO 27001, GDPR, HIPAA, or other compliance certs. NOT suitable for regulated industries or enterprises requiring formal audit trails.
- NO INDEPENDENT AUDIT: Privacy and BYOK claims are not backed by third-party security audits. Open-source code is auditable but no formal independent assessment published.
- VENDOR ENTITY: aider.chat is operated by Aider AI LLC, a US legal entity; services are hosted in the United States per the privacy policy.
- NO DATA PROCESSING AGREEMENT (DPA): No DPA documented for GDPR-regulated entities or cross-border data transfers.
- TERMS OF SERVICE: Full terms.html page not accessible (404 error). Only partial legal framework available.
- PRIVACY POLICY INCOMPLETE: Privacy policy addresses collection but does not explicitly document data deletion rights, GDPR subject access requests (SAR), or portability.
// At a glance
Pricing model
Free and open-source (FOSS)
Self-hostable
Yes
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Aider (Aider AI LLC, US-based, open-source, founded 2023 by Paul Gauthier)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
aider.chat