Security & Permissions

How Terragon handles data access and storage

Terragon only accesses data on your behalf when you authorize it to and only in response to your direct actions.

GitHub Access

What Terragon Can Do

Clone repositories you've granted access to
Create branches and commits
Open pull requests
Read issues and PR comments

What Terragon Cannot Do

Access repositories without your permission
Push to protected branches
Merge pull requests
Access your code outside of task execution

Environment Variables

Environment variables you configure for your repositories are encrypted at rest using industry-standard encryption.

AI Agent Credentials

When you connect your AI agent subscription or API key:

Your API key is encrypted and stored securely
It's used only to make requests on your behalf during task execution
You can disconnect your subscription or API key at any time from Settings

Data Privacy

Your Code is Private

We do not train on your codebase - Your code is never used to train AI models
Code is only accessed during active task execution when you request it
All code access is ephemeral and tied to your specific tasks

Sandbox Retention

Sandboxes are automatically deleted after 30 days of inactivity
This ensures your code and development environments don't persist indefinitely
Active sandboxes remain available as long as you're using them

Early access features

Try experimental new features as they're being developed

On this page

GitHub Access What Terragon Can Do What Terragon Cannot Do Environment Variables AI Agent Credentials Data Privacy Your Code is Private Sandbox Retention