Security · JSX Tool

Last updated: October 10, 2025

JSX Tool is an early-stage product, and we are continuously working to improve our security posture. If you're working in a highly sensitive environment, you should carefully evaluate whether JSX Tool meets your security requirements. We hope this page helps you make an informed risk assessment.

How we protect your code

When you use JSX Tool's AI features, your code is sent to our servers and then to third-party AI model providers to generate suggestions.

We store requests and responses (including your code) on our servers to provide the Service, improve features, and for debugging purposes.
We select AI model providers that commit to zero data retention for enterprise customers, meaning they do not store your code after processing requests.
Your data is transmitted using industry-standard encryption (TLS).
We follow security best practices for access control, authentication, and data storage.

Important: While we select providers based on their security and privacy commitments, the handling of data by third-party AI providers is governed by their own security practices and terms of service. We encourage you to review the privacy policies of the AI providers we use.

Infrastructure and subprocessors

JSX Tool relies on the following third-party services to operate:

AWS - Our primary infrastructure is hosted on Amazon Web Services (AWS) in the United States. This includes our application servers and databases where we store requests, responses, and your code data.

Stripe - We use Stripe to handle all payment processing. Stripe stores your payment information (name, credit card, billing address) in accordance with their security standards and PCI compliance requirements.

AI Model Providers:

OpenAI - We use OpenAI's models to generate code suggestions. OpenAI commits to zero data retention for API customers. Learn more at https://openai.com/enterprise-privacy
Anthropic - We use Anthropic's models to generate code suggestions. Anthropic commits to zero data retention for API customers. Learn more at https://www.anthropic.com/security
Google (Gemini) - We use Google's Gemini models to generate code suggestions. Google Cloud commits to zero data retention for API customers. Learn more at https://cloud.google.com/terms/service-terms
DeepSeek - We use DeepSeek's models to generate code suggestions. Learn more at https://www.deepseek.com/

Note: Even if you configure your own API key for an AI provider, requests still route through our servers where we perform prompt building and request processing.

Other services:

We may use additional third-party services for analytics, monitoring, error tracking, and customer support. These services do not have access to your code data.

AI requests

To provide AI-powered features, JSX Tool sends your code to our servers and then to AI model providers. These requests typically include:

Code from files you're currently working on
Relevant context from your project
Your prompts and conversation history
Editor actions and selections

This code data is sent to our infrastructure on AWS where it is stored, and then forwarded to the appropriate AI model provider (OpenAI, Anthropic, Google, or DeepSeek). All requests go through our backend infrastructure, even if you have configured your own API key.

Reporting security issues

If you believe you have found a security vulnerability in JSX Tool, please report it to us at support@jsxtool.com. We take all security reports seriously and will respond as quickly as possible.

Please include:

A description of the vulnerability
Steps to reproduce the issue
Any relevant technical details
Your contact information

We commit to acknowledging security reports within 5 business days and addressing them as soon as we are able.

Contact us

Please submit potential vulnerabilities or security-related questions to support@jsxtool.com.