Home> Use Cases> GDPR Data Flow

GDPR Data Flow for AI Code Review

Design your review path so code processing stays inside your declared boundary.

Step 1: classify code sensitivity

Tag repositories by data sensitivity before any automation. Keep highly sensitive code in stricter review paths (local model or restricted VPC).

Step 2: map processing locations

  • Developer machine (VibeRails app + local repo)
  • CLI backend used for inference routing
  • Model endpoint (cloud API or local/private endpoint)
  • Artifact storage for review exports

Keep this map in your privacy documentation and update it whenever backend routing changes.

Step 3: choose deployment mode by risk

  • Standard: approved provider APIs for lower-risk repos.
  • Restricted: private VPC endpoint with controlled egress.
  • Local: local model runtime on managed hardware.

Step 4: operational controls

  • Per-repo policy on allowed model endpoints.
  • Human approval before fix execution.
  • Retention policy for exports and logs.
  • Quarterly review of data-flow map.

Related pages

Set your data boundary first.

Then pick the model route that matches your policy.

Download Free