Privacy
Local-first and private by default. You control whether anything leaves your boundary, and you can preview the exact sanitised payload before any external request.
Data flow
| Action | Data used | Where it goes | Who controls it | Retention | Disable? |
|---|---|---|---|---|---|
| Local search | Metadata + fingerprints | Stays on your machine | You | Local cache TTL | Yes |
| Private namespace search | Task + metadata | PatchMesh (your tenant) | You | Account lifetime | Yes |
| Enterprise search | Task + metadata | Your enterprise network | Org admins | Org policy | Yes |
| Public GitHub search | Sanitised task + language/framework | GitHub | Org policy | Not stored by us | Yes (policy) |
| Repository neighbourhood | Seed repo names | Local dataset lookup | Admins | Dataset version | Yes |
| Public PatchMesh search | Task + metadata | PatchMesh public index | Org policy | Index lifetime | Yes |
| Artifact retrieval | Capsule/commit reference | Content-addressed store | You | Until deleted | n/a |
Honest notes
- • Source files, secrets, repository/organisation names and internal symbols are not sent by default.
- • Hashes, embeddings and structural fingerprints can reveal limited information — govern by policy.
- • We do not train models on your code. We do not auto-publish private code.
- • Retrieved code (especially external GitHub candidates) is untrusted until reviewed and tested.