Security & Privacy
Learn about Palmier’s security practices and privacy policies
We take security and privacy seriously. Here are the key principles that guide our approach to protecting your data and code.
Code Privacy
1. We Don’t Store Your Code
Palmier does not store any of your code on our servers. Your code remains in your repositories and is only accessed when explicitly needed during agent execution.
2. Temporary Access Only
Your code is only accessible by your agent during the lifecycle of the agent execution. Once the agent completes its task, all access to your code is terminated.
3. Sandbox Isolation
All code access happens within isolated sandboxes that are:
- Created when an agent starts execution
- Destroyed immediately when the agent completes or terminates
- Isolated from other users and executions
4. No Model Training
We do not train any models or use your code or information for any machine learning purposes. Your code and data remain strictly private and are never used to improve our AI models or services.
Data Protection
Secure Communication
All communication between your systems and Palmier uses industry-standard encryption protocols to ensure your data remains secure in transit.
Access Controls
- Agent access is limited to only the repositories and resources you explicitly authorize
- Permissions are granted on a per-execution basis
- No persistent access tokens are stored
API Tokens
Setting up environment variables both in the agent environment and some MCP servers require the use of API tokens.
API tokens from MCP servers and secrets in agent environment are stored securely in a vault with encryption at rest. Once saved, secret values cannot be viewed for security reasons, but can be updated.
If you have any security concerns or questions, please don’t hesitate to reach out to our team at founders@palmier.io.