Security & trust

One repo, in a sandbox, then gone

GEO Repair is built to need as little of your trust as possible. Here's exactly what we touch, what we never touch, and what happens to your code.

Our commitments

Four promises we design around

Your code is never kept

We clone your repository into an ephemeral sandbox, make the fixes, open the pull request, and destroy the sandbox. Nothing persists after the run.

Only the one repo you pick is touched

Least-privilege by design. We request access to a single repository, the one you choose, and never the rest of your account or organization.

No confidential data leaves to third parties

Your source stays inside the run. We don't sell it, share it, or pass it to third-party services beyond what's needed to open your pull request.

Zero data retention, no model training

Your code is never used to train models and is not retained after the sandbox is destroyed. Readiness is measured, the fix is shipped, and nothing is stored.

Least privilege

What we access, and what we don't

We ask for the narrowest access that lets us open a useful pull request, and nothing more.

  • The one public site you scan (free checkup)
  • The single repository you explicitly select
  • An ephemeral sandbox that's destroyed after the run
  • Your other repositories or your whole account
  • Your code, retained after the pull request opens
  • Your code, used to train models

Sandbox lifecycle

What happens during a fix run

Every run is isolated and short-lived. Here's the full lifecycle, start to finish.

  1. 01

    Provision

    When you approve a fix, we spin up a fresh, isolated sandbox scoped to the single repository you picked.

  2. 02

    Clone & fix

    The repo is cloned into the sandbox. The agent edits only the checks it flagged, then runs the build and type-check to verify nothing broke.

  3. 03

    Open the PR

    The agent pushes a branch and opens a pull request for your review. You decide what merges.

  4. 04

    Destroy

    The sandbox and its clone are torn down. Nothing about your code persists on our side.

FAQ

Security questions

The things people ask before they connect a repo.

Do you store my source code?

No. Your code lives only inside an ephemeral sandbox for the duration of a single run. Once the pull request is opened, the sandbox and the clone are destroyed and nothing is retained.

Do you train AI models on my code?

No. Your code is never used to train models. It is read to make the specific fixes you approved and for nothing else.

What access do you request on my repository?

Least-privilege, single-repository access. We request access to the one repository you select, never your other repositories, organization, or account-wide permissions.

Does the free checkup touch my code at all?

No. The free checkup only fetches your public pages, the same way an AI crawler would, and respects your robots.txt. It never touches your repository; that only happens if you approve a fix run.