Overview
Security is built into how the service runs. This page describes the practices we use to protect your code and data. It reflects how the service operates today and will evolve as the product and our program mature.
How builds run
Builds and edits run in isolated sandbox clones. Each workspace operates in its own ephemeral environment so that one project’s execution cannot reach another’s data, and sandboxes are torn down when the work is complete.
Change control
Changes to your repositories are made only through reviewed pull requests. Nothing is merged silently — proposed edits are presented as scoped, reviewable PRs so you stay in control of what lands in your codebase.
Data protection
Application data and authentication are handled through managed Postgres and auth on Supabase. Data is encrypted in transit using TLS. We follow the principle of least privilege for access to systems that hold customer data.
Continuous monitoring
We continuously monitor the service for availability, errors, and suspicious activity. Logs and alerts help us detect and respond to issues quickly and investigate anything unusual.
Responsible disclosure
If you believe you have found a security vulnerability, please tell us before disclosing it publicly. Email security@code-anything.com with details and steps to reproduce. We appreciate good-faith reports and will work with you to resolve confirmed issues promptly.
Certifications
We do not currently hold any formal security certifications, and we do not claim any. As we earn certifications or complete independent audits, we will list them here.