Legal & trust

These are summaries. The full counsel-reviewed copy is to follow before paid launch (G2).

Terms of Service

InSitue proposes code changes. The Safe tier is draft-only, and you are responsible for reviewing and merging. YOLO is an explicit, opt-in, path-allowlisted, reversible setting. AI-generated code is provided “as is”; the verify gate (typecheck + build) is a safeguard, not a warranty.

Privacy

Captured reports are secret-scrubbed on ingest. We store the report and the run metadata. We do not retain customer source code: repos are cloned into an ephemeral microVM that is destroyed after every run.

Data Processing Addendum

Sub-processors: Anthropic (model), Vercel (hosting + Sandbox), the Postgres host, Stripe (billing), Resend (email), Sentry. Customer code residency: ephemeral, per-run, isolated, never persisted.

Security

Agent tools are read-only; the only untrusted execution is the customer’s own typecheck/build inside the Sandbox. Per-project and global kill-switch. Least-privilege GitHub/Vercel scopes per repo/project. The public ingest key is Origin-pinned, quota-limited, and spend-capped.