Superblocks AI Security & Privacy Practices
At Superblocks, we're committed to data privacy, security, and transparency about how we handle customer data and keep it secure. The following guide explains how Superblocks AI works and is designed to uphold these principles.
Security basics
- Superblocks AI only works with data that users can already access
- Customer data is never used to train large language models (LLMs)
- No PII or customer data is ever stored by Superblocks or LLM providers
Superblocks AI falls under the same security program as the rest of Superblocks. For more information, visit our Trust Center.
What is Superblocks AI
Superblocks AI is a suite of AI-powered capabilities built into Superblocks to help accelerate development. You can use Superblocks AI to:
- Design application UIs with human language
- Get code suggestions as you type in the Superblocks IDE
- Chat with Superblocks AI to get help writing code
- Get suggestions on how to refactor code to improve performance or prevent bugs
- Generate documentation for code to improve maintainability
- Explain code written by others to accelerate onboarding
How Superblocks AI works
Superblocks AI uses third party large language models (LLMs) along with context from your application and Superblocks organization to give personalized code suggestions. As you use Superblocks AI, we capture your prompt, as well as certain information about your application (e.g., components you've used, state variable names, data schemas, etc). This information is sent to LLMs to process. The LLM generates a response and Superblocks AI returns the response to you. You can then choose to accept the AI suggestion or not. LLMs do not retain any information from the request.
FAQs
Who provides Superblocks AI models?
Superblocks currently uses various large language models (LLMs) hosted by the following providers to generate suggestions and autocompletions when writing code:
We continuously evaluate LLM providers and their models to provide the highest quality experience using Superblocks AI. Any third parties that process Customer Data will be published to our Subprocessor List.
What data is sent to LLMs?
To provide the best code suggestions possible, Superblocks sends additional contextual information to AI providers when generating code. This could include information like:
- The state of your application, including component names, component configurations, state variables, APIs names, etc
- Schema info for data sources used in the app, including table names, columns, bucket names, topic names, API endpoints and schemas, etc
- The text you write when prompting the AI to modify components or generate code
- The code you're writing in Python, JavaScript, and SQL steps
Is my data used to train 3rd party models?
Superblocks' AI Subprocessors do not use Customer Data to train models. We specifically have contractual agreements in place with our AI Subprocessors that prohibit the use of Customer Data to train their models.
Using Superblocks AI does not grant Superblocks any right or license to your Customer Data to train our models.
Does Superblocks AI respect a user's permissions?
Yes, Superblocks AI honors the existing permissions a user has. LLMs and AI Models used to generate responses for a user cannot see or use any information that the user doesn't have access to.
For example, if a developer doesn't have access to a particular database Integration, no information about that Integration will be used by models when generating code suggestions for the user.
How does Superblocks AI protect my Customer Data?
Superblocks AI is designed to protect your Customer Data and prevent information leaks to other users of the service.
Prior to engaging with third-party Subprocessors or vendors, Superblocks evaluates their privacy, security, and confidentiality practices, and executes an agreement implementing its applicable security, privacy, and legal obligations. All Subprocessors are monitored and reviewed to ensure continued compliance with Superblock's security and privacy expectations.
Anytime we send data to third parties, it is encrypted in-transit using TLS 1.2 or greater.
Superblocks AI suggestions are ephemeral – meaning, suggestions disappear and they aren't stored on devices or servers.
Does Superblocks AI retain any data?
Superblocks AI LLM providers utilize zero data retention policies, so no data is stored by LLM providers.
Superblocks AI stores a history of your interactions with it, including the prompt you sent, the response your received, and if you choose to accept or reject the suggestion. The history of code suggestions are stored for 14 days and are subject to Superblocks data retention policies.
What compliance standards does Superblocks AI meet?
Superblocks AI is included in scope of Superblocks's SOC 2 Type 2 report. Superblocks AI also enables HIPAA compliance by utilizing LLM provider's zero-retention APIs.
Can I turn off or limit Superblocks AI?
Yes, when using Superblocks AI you can control the languages where you'll get code suggestions and what data is sent to LLMs. You can also disable Superblocks AI for your organization wholesale.
Use Developer Preferences to change the languages where you'll get code suggestions and configure the data sent. To disable this feature for your entire organization, please contact support at support@superblocks.com.