We take security and privacy seriously. Here are the key principles that guide our approach to protecting your data and code.

Code Privacy

1. We Don’t Store Your Code

Palmier does not store any of your code on our servers. Your code remains in your repositories and is only accessed when explicitly needed during agent execution.

2. Temporary Access Only

Your code is only accessible by your agent during the lifecycle of the agent execution. Once the agent completes its task, all access to your code is terminated.

3. Sandbox Isolation

All code access happens within isolated sandboxes that are:

  • Created when an agent starts execution
  • Destroyed immediately when the agent completes or terminates
  • Isolated from other users and executions

4. No Model Training

We do not train any models or use your code or information for any machine learning purposes. Your code and data remain strictly private and are never used to improve our AI models or services.

Data Protection

Secure Communication

All communication between your systems and Palmier uses industry-standard encryption protocols to ensure your data remains secure in transit.

Access Controls

  • Agent access is limited to only the repositories and resources you explicitly authorize
  • Permissions are granted on a per-execution basis
  • No persistent access tokens are stored

API Tokens

Setting up environment variables both in the agent environment and some MCP servers require the use of API tokens.

API tokens from MCP servers and secrets in agent environment are stored securely in a vault with encryption at rest. Once saved, secret values cannot be viewed for security reasons, but can be updated.


If you have any security concerns or questions, please don’t hesitate to reach out to our team at founders@palmier.io.