Vexelity AI

Security

Last updated: January 22, 2026

Our Commitment to Security

At Vexelity AI, security is fundamental to everything we build. We understand that developers trust us with their code and projects, and we take that responsibility seriously. This page outlines our security practices, policies, and how you can help us maintain a secure environment.

Infrastructure Security

Data Encryption

All data transmitted between your devices and our servers is encrypted using TLS 1.3 or higher. Data at rest is encrypted using AES-256 encryption. Encryption keys are managed using industry-standard key management systems with regular rotation.

Infrastructure Hardening

Our infrastructure is hosted on trusted cloud providers with SOC 2 Type II compliance. We employ multiple layers of security controls, including firewalls, intrusion detection systems, and network segmentation to protect against unauthorized access.

Access Controls

We implement strict role-based access controls (RBAC) for all internal systems. Access to production systems requires multi-factor authentication and is logged and monitored. Only authorized personnel have access to customer data, and such access is granted on a need-to-know basis.

Monitoring and Logging

We maintain comprehensive logging and monitoring of our systems to detect and respond to security incidents. Logs are retained securely and analyzed for suspicious activity. Automated alerts notify our security team of potential threats in real-time.

Application Security

Secure Development Practices

We follow secure coding standards and conduct security reviews for all code changes. Our development process includes:

  • Code reviews with security focus
  • Static application security testing (SAST)
  • Dynamic application security testing (DAST)
  • Dependency scanning for known vulnerabilities
  • Regular security training for all developers

Authentication and Authorization

Orbit IDE and our web services use secure authentication mechanisms including OAuth 2.0, secure session management, and optional multi-factor authentication (MFA). We strongly recommend enabling MFA for enhanced account security.

Input Validation and Sanitization

All user input is validated and sanitized to prevent injection attacks, cross-site scripting (XSS), and other common vulnerabilities. We implement Content Security Policy (CSP) headers and other security headers to protect against web-based attacks.

AI Model Security

Data Processing

Code and prompts sent to our AI models are processed in secure, isolated environments. We do not use your code to train our models without explicit consent. AI inference is performed on encrypted connections, and prompts are not stored longer than necessary for service delivery.

Model Safety

Our AI models are designed with safety guardrails to prevent generation of malicious code, disclosure of sensitive information, or assistance with harmful activities. We continuously monitor and improve these safeguards.

Data Privacy and Protection

Data Minimization

We collect only the data necessary to provide and improve our services. You control what code context is shared with our AI models, and you can opt out of telemetry and analytics in your settings.

Data Retention

We retain customer data only as long as necessary for service delivery and legal compliance. You can request deletion of your account and associated data at any time. Upon deletion, your data is permanently removed from our systems within 30 days.

Third-Party Security

We carefully vet all third-party service providers and require them to meet our security standards. Data processing agreements are in place with all providers who handle customer data.

Compliance and Certifications

We are committed to maintaining compliance with relevant security standards and regulations:

  • SOC 2 Type II compliance (in progress)
  • GDPR compliance for EU users
  • CCPA compliance for California users
  • Regular third-party security audits and penetration testing

Incident Response

Response Plan

We maintain a comprehensive incident response plan that is regularly tested and updated. Our security team is available 24/7 to respond to security incidents. In the event of a breach, we will:

  • Contain and investigate the incident immediately
  • Notify affected customers within 72 hours
  • Provide regular updates on the investigation and remediation
  • Implement measures to prevent recurrence
  • Comply with all regulatory notification requirements

Security Best Practices for Users

You play a crucial role in keeping your account secure. We recommend:

  • Enable multi-factor authentication (MFA) on your account
  • Use a strong, unique password for your Vexelity AI account
  • Keep Orbit IDE updated to the latest version
  • Be cautious about sharing sensitive code or credentials in prompts
  • Review account activity regularly for suspicious access
  • Report any security concerns immediately
  • Do not share your account credentials with others

Responsible Disclosure

We welcome and appreciate security researchers who help us maintain the security of our services. If you discover a security vulnerability, please report it responsibly:

How to Report

Send vulnerability reports to: hello@vexelityai.com

Please include:

  • Detailed description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact and severity assessment
  • Your contact information for follow-up

Our Commitment

We will:

  • Acknowledge your report within 48 hours
  • Provide an estimated timeline for remediation
  • Keep you informed of our progress
  • Credit you publicly (if desired) once the issue is resolved
  • Not pursue legal action for good-faith security research

Responsible Disclosure Guidelines

Please:

  • Give us reasonable time to address the issue before public disclosure
  • Do not access or modify customer data beyond what's necessary to demonstrate the vulnerability
  • Do not perform testing that could degrade or disrupt our services
  • Do not use social engineering or physical attacks against our employees

Security Updates

We regularly update Orbit IDE and our services with security patches and improvements. Critical security updates are released as soon as possible, and users are notified through in-app notifications or email. We recommend enabling automatic updates to ensure you always have the latest security fixes.

Contact Security Team

For security-related questions, concerns, or to report a vulnerability:

Email: hello@vexelityai.com

PGP Key: Available upon request

Response Time: Within 48 hours

For general privacy questions, see our Privacy Policy or contact hello@vexelityai.com

This security page is updated regularly to reflect our current practices. Check back periodically for updates. Last reviewed: January 22, 2026