Skip to main content
YaliCodeAll docs

Privacy & Security

How we handle your data, secure your code, and protect your account.

Code execution security

Every code execution runs in its own Docker container with strict isolation:

  • No network access (containers cannot make outbound connections)
  • Read-only filesystem (only /tmp is writable, 64MB limit)
  • All Linux capabilities dropped
  • Process limit (512 PIDs max)
  • Memory and CPU limits enforced
  • Custom seccomp profile blocks dangerous syscalls
  • gVisor kernel available for additional isolation
  • Containers are single-use and destroyed after execution

Data storage

Project files are stored in Supabase (PostgreSQL) with row-level security. Environment variables are encrypted at rest. We do not read, analyze, or sell your code.

Authentication

Authentication is handled by Supabase Auth. Passwords are hashed with bcrypt. OAuth tokens from GitHub and Google are not stored on our servers (Supabase manages them).

AI features

When you use AI features (code completion, error explanation, etc.), your code is sent to OpenRouter (which routes to language models). We do not store AI conversations. You can disable AI features entirely in settings.

Files matching patterns in .aiignore are never sent to AI providers.

Data export and deletion

You can export all your data from Settings > Account > Export Data. You can delete your account from Settings > Account > Danger Zone. Deletion removes all projects, files, and profile data. This action is irreversible.

Infrastructure

YaliCode runs on a dedicated server in Europe (Hetzner). Traffic is encrypted with TLS 1.3. We use fail2ban for brute force protection, rate limiting on all endpoints, and automated monitoring with alerts.