Security
Your code stays yours
Every architectural decision, from sandboxed execution to ephemeral storage, is designed to protect your intellectual property.
Sandboxed execution
Every agent runs in its own isolated, ephemeral sandbox with no network access to your internal systems. Sandboxes are destroyed the moment a task completes.
Read-only by default
Agents can analyse code and answer questions, but they can never push commits, open pull requests, or modify your source code.
Your code is never stored
Repositories are cloned into the sandbox at the start of each task and discarded when it ends. Your source code is never persisted or used for model training.
Encrypted at rest
All data is encrypted at rest with AES-256, including database records, backups, and temporary files.
Scoped permissions
You choose exactly which repositories to grant access to. We request the minimum OAuth scopes required and never ask for write access.
Role-based access control
Team members are assigned roles (Admin, Member, or Viewer) that control what they can see and do across agents, settings, and billing.
Have a security question?
We're happy to walk through our security architecture or share additional documentation.
Contact us