FAQ | SoftSpell: Everything You Need to Know

Is Softspell SOC 2 compliant?

What security protocols
does Codespell adhere to?

Yes, Softspell meets SOC 2 standards for security and availability. We have SOC2 Type 2 compliance

Does Softspell support Single Sign-On (SSO)?

Which Large Language
Models (LLMs) does
Codespell use,
and how are they secured?

Yes, it integrates with enterprise identity providers via Single Sign-On.

How does Role-Based Access Control (RBAC) work?

Does Codespell store any
customer data? If so, how is
it encrypted?

RBAC ensures only authorized users can access specific modules.

Does Softspell comply with international data protection laws?

Does Codespell comply
with industry standards?
Do we have regulatory
compliance certifications?

Our platform ensure least data retention, with regional data residency, doesn't store or process any PII information of the users.

Where do the core components run (IDE plug-in, orchestration layer, knowledge/index store,LLM runtime)?

What languages does
Codespell currently
support? What IDE’s do
we support?

The IDE plugin runs on the developer’s local machine, with all code indexes stored locally on the developer’s system.

The orchestration layer functions as a secure pass-through backend within the SoftSpell platform.

We use secure LLM services from AWS and Azure, with additional guardrails applied for enhanced security and compliance.

Is traffic private (PrivateLink/VNet peering) or does it
traverse the public internet?

Does Codespell comply
with industry standards?
Do we have regulatory
compliance certifications?

All interaction from developer system to the platform happens over secure TLS protocol.

Is data federated or copied? Where is it persisted,for how long, and under whose access control?

Does Codespell comply
with industry standards?
Do we have regulatory
compliance certifications?

With respect to the coding assistant feature of SoftSpell, nothing is stored in the platform. Every code that SoftSpell generates/modifies resides with the developer IDE.

Can egress be restricted to allow-listed endpoints only?

Does Codespell comply
with industry standards?
Do we have regulatory
compliance certifications?

Yes, user can whitelist our platform wildcard domain to allow secure access from customer network.

Whether any customer data ever leaves a private cloud boundary.

Does Codespell comply
with industry standards?
Do we have regulatory
compliance certifications?

No customer data ever leaves our private SaaS environment.

Is SoftSpell proposed as vendor-hosted, customer-hosted, or hybrid?

Does Codespell comply
with industry standards?
Do we have regulatory
compliance certifications?

Soft Spell will run in Aspire’s SaaS cloud, with tenant isolation. There would be no dependencies on Customer end.

Does any prompt, code, context, or metadata leave our tenant? If yes, exactly what and why.

Does Codespell comply
with industry standards?
Do we have regulatory
compliance certifications?

The prompt, code or context is used only for inferencing with the LLM on a need basis without any direct storage of the artefact. In case the user prefers to store the prompt for future reference, the same is stored as encrypted.

What telemetry or logging is retained by SoftSpell

Does Codespell comply
with industry standards?
Do we have regulatory
compliance certifications?

Details retained at Softspell's end:

- Only the usage tracking metrics (timestamps, request IDs) (No other context is stored)

Details retained only at Customer end:

         - Customer source code
         - Full prompts or generated code content
         - Indexed repositories or documents

Frequently asked questions

Features

Solutions

Quick Links

Features

Solutions

Quick Links