SAFETY, PRIVACY, SECURITY

trust is the first feature

honeycomb remembers the most sensitive thing a developer tool can touch: your code and how you work. so safety, privacy, and security are not an afterthought, they are the starting point, shared across legion code, deep lake, and activeloop.

the pillars

you own your data

memory lives in your own deep lake store, and deep lake can run in your own cloud account (google cloud, azure, or amazon). your data stays inside your perimeter. nothing is held hostage in a black box.

local-first by design

the quiet helper on your machine binds to loopback only and never opens a public port. it is the only thing that talks to your store, so there is one front door, not many. a single switch puts it in read-only mode for sensitive sessions.

secrets kept apart

api keys and other secrets are never stored alongside memory and are never shown to an assistant. an assistant can ask for a secret to be used, but it never gets to read the value. a full dump of your memory yields no credentials.

access kept in its lane

different companies, teams, and projects are separated where the data is stored, not just in the app, so two teams never share a row. within a team, sharing is opt-in: when in doubt, honeycomb shows less, not more.

a commitment shared by three teams

the same posture runs across the whole stack. activeloop builds deep lake to be enterprise-grade and to run in your own cloud, certified under soc 2 type ii. legion code builds developer tools on one promise: your code, on a standard you can defend. honeycomb sits on top of both, with its memory store you own, its loopback-only helper, and its secrets kept apart. safety, privacy, and security are not three separate stories, they are one. (deeplake.ai and legioncodeinc.com, captured 2026-06.)

how the boundaries actually hold

security here is not a setting you switch on, it is the shape of the system. one helper on your machine is the only thing that ever reaches your store, so there is a single place where access is checked, secrets are handled, and scope is enforced. a stray assistant or hook can ask that helper to do work on your behalf, but it cannot reach the store directly and cannot see another team's data.

scope is enforced where the data lives, not only in the app a curious user might patch. every memory carries which company, team, and project it belongs to, and a request that asks for something outside its lane is refused rather than quietly widened. the default leans private and safe: a malformed request falls back to the most private setting, never the most open one.
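the scope rule above, sketched as an added example that is not honeycomb's own code: a request outside the caller's lane is refused, and a malformed sharing value falls back to private. the names `Scope`, `Memory`, `parse_visibility`, `can_read`, `recall`, the three visibility levels, and the in-memory list standing in for the store are all assumptions made for illustration.

```python
from dataclasses import dataclass

# hypothetical sharing levels, ordered from most private to most open
VISIBILITY = ("private", "project", "team")

@dataclass(frozen=True)
class Scope:
    company: str
    team: str
    project: str

@dataclass(frozen=True)
class Memory:
    scope: Scope
    owner: str
    visibility: str
    text: str

def parse_visibility(raw):
    """fail closed: anything that is not a known level becomes 'private'."""
    if isinstance(raw, str) and raw.strip().lower() in VISIBILITY:
        return raw.strip().lower()
    return VISIBILITY[0]

def can_read(mem, caller, caller_scope):
    # company and team must match exactly; a mismatch is never widened
    if (mem.scope.company, mem.scope.team) != (caller_scope.company, caller_scope.team):
        return False
    if mem.visibility == "team":
        return True
    if mem.visibility == "project":
        return mem.scope.project == caller_scope.project
    return mem.owner == caller  # private, or any unrecognised value

def recall(store, caller, caller_scope, requested_scope):
    # a request naming a lane other than the caller's own is refused outright
    if requested_scope != caller_scope:
        raise PermissionError("request is outside the caller's scope")
    return [m.text for m in store if can_read(m, caller, caller_scope)]

# constructed sample data, not taken from any real store
A = Scope("acme", "payments", "ledger")
B = Scope("acme", "search", "ranker")
STORE = [
    Memory(A, "dana", parse_visibility("team"), "ledger uses idempotency keys"),
    Memory(A, "dana", parse_visibility({"level": "team"}), "draft note"),  # malformed
    Memory(B, "eli", parse_visibility("team"), "ranker retrain schedule"),
]
```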

and when memory is touched, it is auditable. every memory is a real row you can read, scope, and repair, with its history kept. you are never asked to trust a black box, because you can see exactly what was remembered and change it.

deep lake is built to be enterprise-grade and to run in your own cloud, certified under soc 2 type ii. honeycomb inherits that posture and adds its own: a memory store you own, a loopback-only helper, and secrets kept apart from memory. the security facts here are rewritten in honeycomb's own words from public materials.

common questions

where does my data live?

in your own deep lake store, which can run in your own cloud account (google cloud, azure, or amazon). your memory stays inside your perimeter, separated by team and project at the storage layer. (activeloop.ai, captured 2026-06.)

can an assistant read my api keys?

no. secrets are kept apart from memory and are never shown to an assistant. an assistant can ask for a secret to be used in a command, and only the redacted result comes back; the value itself never passes through its context.

does honeycomb open a port to the internet?

no. the helper on your machine binds to loopback only and never opens a public port. it is the only thing that talks to your store, and remote access requires a valid, scoped token.

can i stop it from recording a sensitive session?

yes. a single switch puts honeycomb in read-only mode for a session, so it recalls but records nothing. it is a per-session escape hatch for work with credentials, personal data, or regulated material.

who stands behind the security posture?

all three teams. activeloop builds deep lake to be enterprise-grade and soc 2 type ii certified, legion code builds tools on a standard you can defend, and honeycomb adds a store you own, a loopback-only helper, and secrets kept apart. (deeplake.ai and legioncodeinc.com, captured 2026-06.)