GDPR — Code analysis and personal data
GDPR governs personal data in the EU. Even code can carry personal data (logs, fixtures, PII in test files). Decoder's defaults minimise exposure.
What it is
EU regulation on processing personal data of EU residents.
Why it's useful
Defines lawful bases, data minimisation, residency, and breach notification obligations.
How Decoder implements it
No training on user code; BYOK isolates AI calls to your chosen provider; local inference keeps code on your machine.
When to use it
Vendor due diligence, DPA negotiation, internal audit.
When NOT to use it
Don't rely on this page for legal qualification — consult counsel.
Practical example
A reviewer pastes a log fixture that contains emails. Running locally via Ollama keeps everything on-device.
Glossary
- DPA: Data Processing Agreement.
- Data residency: Where data is physically processed/stored.
Related
The EU AI Act (Regulation 2024/1689) sets obligations on providers and deployers of AI. For code analysis, transparency and data control are the levers that matter most.
BYOK means you bring your own AI provider key. Decoder never proxies AI calls through a shared account: your key, your billing, your privacy boundary.
Local AI lets you use Decoder's explain and chat features against a model running on your own hardware via Ollama or LM Studio — useful when code cannot leave your environment.