Security is Core to Everything We Do

We know that your source code is one of your most valuable and sensitive assets. For most development teams, it's a literal representation of your most important work product.

Access to your Source Tree

CodeStream servers do not require access to your source code. To establish links between discussion threads and blocks of code, we use commit IDs and line number offsets, which are captured by the IDE when the thread is created. This approach allows us to build the service without our servers requiring access to the source tree itself.

Data Storage

Access Controls

Network Security

Site Security

General Data Protection Regulation (GDPR)

CodeStream is committed to helping our users understand the rights and obligations under the General Data Protection Regulation (GDPR), which took effect on May 25, 2018. We have introduced tools and processes to ensure our compliance with requirements imposed by the GDPR and to help our customers comply as well.

Bug Reports

If you think you have found a security issue, please email us at Please do not publicly disclose the issue or any related information until we have had a chance to review it and respond to you.

CodeStream provides monetary rewards, up to $500, for properly reported security issues. The reward is determined by the severity of the issue, the percentage of users impacted, and the likelihood of encountering the vulnerability under normal use of our service.

Two Ways to See for Yourself