AI Security & Privacy
Tidra is built on a foundation of transparency. This page explains how we use AI to automate maintenance work, what data we access, and the technical and contractual controls we have in place to protect your code and your customers' data.
Contents
- What is Tidra?
- How Tidra uses AI
- What data Tidra collects
- How Tidra AI works
- Data protection
- Controls and settings
- Ownership and attribution
What is Tidra?
Tidra is an AI-powered maintenance automation tool that handles large-scale, repetitive code changes across hundreds of repositories - covering version upgrades, library migrations, tooling changes, and configuration updates. Tidra orchestrates these changes at scale, generating code suggestions that engineering teams review and merge through their existing workflows.
Customers use Tidra to:
- Automate version upgrades and library migrations across hundreds of repositories
- Generate code changes for tooling updates and configuration standardization
- Analyze repository content to build context for accurate, targeted maintenance changes
How Tidra uses AI
Tidra uses commercially available large language models (LLMs) for generative features that speed up maintenance work. These features include:
- Generating code suggestion diffs that automate common maintenance tasks such as version upgrades, library migrations, and configuration changes
- Analyzing repository content to build architectural context for accurate code generation
Tidra does not use AI to make autonomous decisions or merge changes without review. Every code change generated by Tidra requires review and approval from a person on your team before it is merged.
What data Tidra collects
Tidra automatically receives each user's name and work email address when they authenticate through your SAML-based single sign-on (SSO) system. This information is considered personal data in many jurisdictions and is fully explained in our Privacy Policy. We also collect analytics about how users interact with Tidra.
All other data used within Tidra - including code repositories and related metadata - is explicitly chosen and actively integrated by the customer. Tidra does not pull in repositories or data sources without customer configuration.
How Tidra AI works
LLM providers
Tidra uses large language models (LLMs) hosted by enterprise-grade organizations, currently including OpenAI and Anthropic. We evaluate and select LLM providers against our quality, performance, security, and data protection requirements before any integration.
How repository content is used
Your source code is never permanently stored. Tidra uses Transient Scanning (temporary repository processing) to generate maintenance changes. Source code is processed in a temporary, secure execution environment and purged immediately after the request is fulfilled.
When Tidra processes a repository, it:
- Operates within a temporary, isolated execution environment
- Extracts only the architectural context essential for the specific request
- Purges the source code immediately after that context is extracted
Only limited artifacts derived from this process - such as generated code diff suggestions or contextual metadata - are stored in Tidra's databases. Your proprietary source code is not retained.
Data protection
RBAC and permissions
Tidra AI honors your existing Role-Based Access Control (RBAC) permissions. Any AI functionality that analyzes, modifies, or writes data requires a person in the loop and operates within that user's existing permissions. Tidra cannot make changes that the calling user does not already have permission to perform.
Encryption and subprocessor agreements
Before engaging any third-party AI vendor, OpsLevel evaluates that vendor's security practices and executes an enterprise agreement that enforces strict confidentiality. Data sent to third-party AI providers is:
- Encrypted in transit using TLS 1.2 or higher
- Encrypted at rest using AES-256
Model training
Your data is not used to train AI models. By default, neither Tidra nor its AI subprocessors use Customer Data to train, fine-tune, evaluate, or improve any models. This is enforced by contractual agreements with all AI subprocessors.
Customer data segregation
Individual customer accounts are kept separate in our production environment. Data from different customers is never mixed or co-processed during AI inference. Your proprietary code, repository context, and prompt history are never exposed to other Tidra customers.
Data retention at third-party providers
Tidra's enterprise LLM providers use Zero Data Retention (ZDR) APIs. Prompts and context sent to the LLM - and the generated responses - are not retained by the provider after the request is fulfilled.
Compliance standards
Tidra AI is included in the scope of OpsLevel's continuous SOC 2 Type II compliance program. We also undergo regular third-party penetration testing to validate our AI implementation against threats including prompt injection.
Controls and settings
Tidra AI is an opt-in capability. Administrators maintain control through:
- Targeted scoping: Administrators can restrict AI scanning and code generation to specific repositories. This keeps highly sensitive repositories - such as Tier 0 systems - out of automated AI inference.
Additional governance controls are available at the account level. Contact [email protected] if you have specific requirements.
Ownership and attribution
Who owns AI-generated content
Customers retain ownership of both:
- Input - your repository data and source code provided to Tidra
- Output - generated code diff suggestions, inferred metadata, and other artifacts produced by Tidra and its subprocessors
How to identify AI-generated changes
Tidra is designed for review-driven workflows. All code changes are surfaced as recommendations - delivered as diff suggestions or pull requests / merge requests through your existing code review process. No change is merged without explicit review and approval from a person on your team.
This means every AI-generated change is visible, attributable, and subject to your team's standard review controls before it reaches your codebase.
Questions?
Contact us at [email protected].
