Security & Safe Usage

Security & Safe Usage

Building with CodePup AI should always be safe, predictable, and secure.
This page highlights how CodePup AI handles sensitive information and how you can protect your data while generating or modifying projects.

Never Share Secrets in Prompts

Avoid entering any of the following directly in prompts:

• Passwords
• API keys
• Access tokens
• Database connection strings
• Secrets embedded inside code blocks

These should never be written in the natural-language prompt.

Avoid

Sharing secrets inside prompts exposes them to the generated code and can lead to accidental misuse.
Avoid putting any confidential values in prompts at all.

Secure API Key Input (Safe Dialog Boxes)

When generating projects requiring external services, CodePup AI provides dedicated secure dialogs for entering secrets such as:

• Supabase access token
• Stripe secret key
• Resend API key
• Custom provider tokens (if required)

These dialog boxes appear before generation begins, ensuring secrets stay isolated from your main prompt.

Your API keys are used only for:

• Validating service connections
• Setting up environment variables
• Auto-configuring integrations (if requested)

They are never logged or stored elsewhere.

Note

CodePup AI uses these values only to configure the generated project structure.
They are not included in analytics or training operations.

CodePup AI Is Not Responsible for Secrets Shared in Prompts

If you choose to paste sensitive information directly in your prompts, you assume full responsibility for any potential misuse or exposure.

Danger

CodePup AI cannot recover or protect any credential that you manually include in a prompt.
Always use the secure dialog boxes for passing secrets.

Additional Security Notes

• Environment variables are created securely inside the project structure.
• Code involving secrets is generated using safe access patterns (e.g., process.env.* or platform-specific environments).
• Client-side code never embeds backend secrets; warnings are displayed when a value appears unsafe.

RLS (Role-Level Security)

RLS policies determine who can access what data in your database. We recommend you carefully review them before publishing your project, and keep revisiting and updating them as you develop the project.

Best Practices for You

• Rotate keys periodically.
• Use development-only keys during generation/testing.
• Export to GitHub and review .env.example and deployment configs before going live.

Tip

Use separate keys for development and production for maximum safety.