Trust layer

Security

Leangetic is built local-first: your source code, secrets, and real data stay on your machine. We are designed so that even our own optimizations can never change your agent's output without proof, and your original agent is never modified.

Principles

Three properties hold by design: (1) local-first - the CLI runs on your machine and nothing is uploaded until you run optimize and approve a privacy preview; (2) provably safe - an optimization is served only after it is proven equivalent to your model on your own traffic, and every served step falls back to the original on any doubt; (3) non-destructive - your original agent is never modified, and switching over (or rolling back) is one reversible command.

What leaves your machine

By default the CLI listens to your agent in SHADOW mode and records only hashes of each model call (a step fingerprint and input/output fingerprints) plus token/cost/latency counts - never the content. When you run optimize:

  • A redacted bundle is sent: file/prompt structure with secrets stripped, file hashes, dependency names, aggregate metrics, representative task examples, trace summaries, and the hashes-only per-call rows. A local secret scanner redacts known credential patterns first, and common credential files (.env, .npmrc, local databases, virtual environments, dependency folders) are omitted.
  • Real input/output examples are sent only if you add --share-examples, and only after the privacy preview shows you the exact counts. They are used to synthesize deterministic code on our servers.
  • We never receive your API keys, raw .env files, or raw private databases. Your agent runs with your own model credentials, on your machine.

You can inspect exactly what would be uploaded with leangetic inspect-bundle before anything leaves the machine, and disable the engine entirely with LEANGETIC_ENGINE=off.

Output safety guarantee

The optimized hybrid is never trusted blindly. Each candidate change is measured in SHADOW against your real model and is promoted only when its output is structurally equivalent (text, tool calls, and stop reason) on your own calls with zero mismatches, and a judge confirms the result is cheaper with equal-or-better quality. At runtime every served step fails open to your original model on any error or low-confidence case, and a single later divergence automatically demotes it. Your original agent is preserved unchanged; leangetic rollback reverts instantly.

Infrastructure & operations

  • Hosting: a dedicated backend on Hetzner Cloud, isolated under a non-privileged service account.
  • In transit: all traffic to the API and site is served over HTTPS (TLS) with automatically renewed certificates.
  • Network: application ports are bound to localhost behind the reverse proxy; only HTTP/HTTPS and SSH are exposed.
  • SSH: key-only access (password authentication disabled), with automated brute-force banning (fail2ban).
  • Backups: the control-plane database (accounts, the credit ledger, compile jobs) is backed up on an automated daily schedule with retention.
  • Patching: unattended security updates are enabled; the host is kept current.
  • Isolation: the analysis model runs each request in a restricted environment so an untrusted prompt cannot read host secrets.

Authentication & access

Portal sign-in is handled by Clerk (Google, Apple, or email). Programmatic access uses scoped API keys; secrets are stored hashed, and a key can be revoked at any time. Access to organization data is tenant-scoped and enforced by role-based permissions, and operator/admin endpoints are gated behind a separate token. Payments, when enabled, run through Stripe Checkout; we never store full card numbers.

Data handling & retention

During the assisted alpha, uploaded bundles and generated artifacts should be treated as short-lived operational data tied to your project. You may request export or deletion of your project metadata and artifacts at any time by emailing support@leangetic.com. A Data Processing Addendum (DPA) is available on request.

What we do not have yet

We believe in being explicit. Leangetic is an early, assisted alpha operated by a small team. We do not yet hold SOC 2 or ISO 27001 certification, and we do not claim formal third-party audits. Encryption is applied in transit; we do not currently claim full encryption at rest. If your use requires a specific compliance posture, contact us before onboarding and we will tell you honestly where we stand.

Responsible disclosure

If you believe you have found a security issue, please email security@leangetic.com with details and steps to reproduce. We will acknowledge your report, investigate promptly, and keep you updated. Please do not publicly disclose an issue until we have had a reasonable chance to address it.