// Trust & Security Report
Assistiv AI LTDA
AskCodi - AI coding assistant and multi-model chat platform with local-first Desktop app, web-based Chat, Custom Agents, and OpenAI-compatible API for developers
Certifications held
0
Maturity
Growth
Trains on your data
Yes
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
> Show 8 unconfirmed / not-held certifications
No public evidence of SOC 2 certification found on askcodi.com
No public evidence of ISO 27001 certification found on askcodi.com
source: askcodi.comNo formal GDPR certification exists (GDPR is a regulation, not a certification), and no verbatim general compliance claim appears on the vendor's site. AskCodi's privacy policy does address GDPR/LGPD obligations: it honors data-subject rights (GDPR Articles 15-22) and names an EU representative under GDPR Article 27 ('Our representative in the European Union for matters relating to the GDPR is Shreyans Kumar Bhansali'). The previously cited quote 'AskCodi is in compliance with all GDPR requirements' does not appear anywhere on askcodi.com.
No public evidence of HIPAA compliance found on askcodi.com
No public evidence of CCPA compliance mentioned on askcodi.com
No public evidence of ISO/IEC 42001 certification found on askcodi.com
No public evidence of CSA STAR AI certification found on askcodi.com
No public evidence of FedRAMP authorization found on askcodi.com
// Privacy & AI training
Trains on customer data
Yes
Data processing agreement
Not stated
Data region
Unknown - Company is based in Brazil (São Paulo) but data storage location not specified in public documentation
Vendor's privacy policy explicitly states that for users on Free Plans or when using free models, 'prompts, responses, and interaction data' may be used 'for training and improving our AI models and services,' and such data may also be shared with model providers 'for their training purposes.' Data from premium models and paid plans (Hobby, Pay-as-You-Go) is not used or shared for training unless the user explicitly consents. AskCodi states it does not use feedback-signal data to train models and does not operate its own models. Free-tier training applies by default with no documented per-user opt-out.
// Security controls
Encryption
Vendor's privacy policy states data is protected with industry-standard encryption in transit (TLS) and at rest by its hosting/database processors.
askcodi.comTelemetry / Data Minimization
Desktop app collects only anonymous infrastructure counters; EU/UK users receive no telemetry of any kind until they respond to a first-launch consent prompt.
askcodi.comCode Review Security
Automatic review passes check for bugs and security issues before returning results
Local-First Architecture (Desktop)
AskCodi Desktop runs on local machine; code never leaves laptop by design
// Products & data scope
data: Local execution (code stays on machine); model API calls may go to cloud
Local-first app with CTO agent orchestrating specialist engineers in parallel git worktrees. Supports 50+ models (Claude, GPT, Gemini, etc.). Code execution is local; model inference is cloud-based unless local model used.
data: Chat queries and context sent to cloud
Browser-based chat interface supporting 50+ models. Suitable for quick questions. Code and prompts sent to cloud.
data: Agent logic and knowledge bases hosted on askcodi.com
Build and publish custom agents with instructions, tools, and knowledge bases. Marketplace for sharing agents.
data: API requests processed and routed to selected models
Drop-in replacement for OpenAI API; supports Anthropic, Google, Fireworks, xAI, and open models via single key. No lock-in.
// What to watch
- No formal GDPR certification (none exists; GDPR is a regulation). Vendor's privacy policy does address GDPR/LGPD (data-subject rights, EU representative under Article 27). The earlier held=true GDPR grade relied on a proof quote ('in compliance with all GDPR requirements') that does not appear anywhere on askcodi.com and appears to have been fabricated from third-party summaries.
- No SOC 2, ISO 27001, or other enterprise certifications found despite 400k+ user base and 5-year operation
- Trains on free-tier data by default: privacy policy states Free Plan / free-model prompts, responses, and interaction data may be used to train and improve AI models and be shared with model providers for their training. Paid/premium data is excluded unless the user explicitly consents. No per-user opt-out documented for the free tier.
- Data residency and storage location not specified in public documentation despite GDPR claim
- No DPA (Data Processing Agreement) mentioned or available in search results; required for GDPR-compliant data processing with EU customers
- Privacy policy PDF (https://www.askcodi.com/docs/PRIVACY_EN.pdf) could not be properly decoded for full content verification
- Terms PDF could not be properly decoded for full content verification
- No security/compliance page or trust center found on askcodi.com
- Desktop app's 'local-first' architecture is a strong privacy claim but has not been independently audited
// At a glance
Pricing model
Freemium (desktop app free to download) + subscription tiers for web chat and API
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Assistiv AI LTDA's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
askcodi.com