Security

Security is at the core of Crayon's architecture. Because our agents interact directly with your source code and execute terminal commands, we have built military-grade isolation to protect your assets.

Ephemeral Sandboxing

Every task executed by Crayon runs in a strictly isolated, ephemeral MicroVM. Once the agent completes its task or the timeout is reached, the VM is instantly destroyed. No state is shared between tasks or between users.

Zero Data Retention Policy for Code

We do not store your proprietary source code on our servers longer than necessary to complete the requested agent task. Your codebase is never used to train our base models.

Vulnerability Disclosure

If you believe you have discovered a vulnerability in Crayon, please email us immediately at security@crayon.dev. We operate a private bug bounty program and will respond within 24 hours.