Security Policy
How Tusk keeps your code and data secure
Security & Privacy
Tusk and our LLM providers (Anthropic, OpenAI, Gemini) do not use your source code to train models. These LLM providers may securely retain API inputs and outputs for up to 30 days to identify abuse.
Tusk uses a multi-tenant architecture that isolates customers from one another, so your source code is not accessible to other customers. Tusk stores non-readable embeddings of the files in your synced code repositories, not the files themselves.
If requested, we can block specific directories from being synced so that Tusk never gets access to embeddings of files in those directories. When Tusk needs to view a full file, our AI agent fetches the file from the GitHub API at runtime without permanent storage on our servers.
Tusk does not modify any code in your code repository that it has not created. Our AI agent will only add commits and discussion comments to the pull requests (PRs) that it has created.
All REST API transmissions are HTTPS-protected, and we use TLS for data encryption. Stringent access controls restrict data access to authorized personnel only. Our team has continuous monitoring set up to ensure immediate response to potential security threats.
Data Ownership
You retain all rights to the inputs that you provide to Tusk. You own any output that you rightfully receive from our services to the extent permitted by law.
We only receive rights in input and output as required to provide you with our services, comply with applicable law, and enforce our policies.
Please see our Privacy Policy for more details.
GitHub Permissions
Read access
- Checks
- Deployments
- Members
- Metadata
Read and write access
- Actions
- Code
- Commit statuses
- Discussions
- Issues
- Pull requests
- Repository hooks
- Workflows