Code With Me security FAQ
When you start working with Code With Me, some questions on security may appear. The most frequent questions are collected in the FAQ section but also this page covers some on-premises setup-related sides.
Since Code With Me is a plugin, it is supported in the majority of the JetBrains products. You can follow the getting started guide in a product with which you are working to get familiar with the UI:
Data that you share during the Code With Me session is going through the JetBrains' servers and you can check the more detailed information in the FAQ section.
If, for security reasons, you don't want to use the JetBrains' servers, you can control the IT infrastructure and data that goes back and forth by configuring the on-premises servers.
Depending on the requirements for setting up the servers, you can use a quick setup for evaluation purposes and testing, or refer to Code With Me administration guide to configure the relay and lobby servers.
If you come across problems during configuration or have some questions about privacy policies, agreements or other related subjects, use the following links and addresses that might help solve your issues.
JetBrains Account Agreement is available here
The payment methods data about purchases are stored only on the side of our PCI DSS compliant payment gateway provider "Adyen"
Customers of our shop data are stored in Ireland (AWS)
Use the following table to get more information on security in addition to general security FAQ.
Who are the contact persons responsible for IT-Security, Data, legal and technical questions?
Where can I find a template of the data processing addendum (DPA) which will be closed between the parties, the list of technical and organizational measures, and the general terms of JetBrains for Code With Me?
Are there any additional documents or information regarding security measures implemented in Code With Me?
You can check the security FAQ to see the detailed information about security measures.
Is there information about the most recent penetration (pen) test performed? This may include the pen test report and certificate. Otherwise, supply the date, duration, scope, an overview of the findings, and the current status of the implementation.
We haven’t performed any external pen testing for Code With Me yet. However, the JetBrains Security team conducted an internal security audit before the Code With Me release. Also, since version 2021.3, IDEs have PGP SIGNATURES validation of downloaded thin clients to check they are signed by JetBrains.
How can we disable users access to Code With Me from corporate workstations?
Is there a list of applied sub-processors by JetBrains?
You can check the third-party services here.
Can access to Code With Me be protected by additional authentication?
Currently on-premises server does not support an additional authentication. We're going to support it in the future versions.
What audit logs does Code With Me on-premises have?
There are no dedicated audit logs. Lobby and relay servers write the audit/session information in to their logs, if the option JSON_CONSOLE_LOGGING is set as
Is there a list of all locations in which our data will be processed, including backup systems?
JetBrains can access only the limited data such as local IP addresses, project name, and username. Lobby and Relay servers (if not on-premises) are hosted in Google Cloud Platform. The lobby server (sessions creation and control) is currently located in GCP in Finland. Relay servers are located in different regions and are chosen based on proximity.
The current relays locations are as follows: