Built to earn your repo access
Aient reads your production telemetry and your source code to fix bugs — so trust is the product. Here's exactly what we access, where your data lives, and the controls you keep.
In short
The five things that matter
- You control the autonomy. Human-in-the-loop by default — Aient opens a pull request and the merge button is yours. No auto-merge.
- Organisation-scoped isolation. Your code and telemetry are separated from other organisations, and every fix runs in an isolated, single-tenant sandbox.
- Your data stays in the EU — mostly. Storage is EU-resident. Only the remediation step (sandbox + LLM providers) processes in the US, under Standard Contractual Clauses.
- Revoke or scope anytime. Limit Aient to specific repositories at install, and revoke the GitHub App whenever you want.
- We never sell your data, and never share it with model providers for their own training.
What Aient accesses
Least privilege, by surface
Aient opens PRs — it does not push to your branches or merge without you.
Where your data goes
EU by default, honest about the rest
Stays in our EU infrastructure
- Telemetry — your traces, logs, and errors (EU)
- Object storage — verification evidence of fixes (EU)
- Supabase (EU region) — application data, protected with row-level security
Leaves only for the remediation step
- Single-tenant sandbox — where the fixing agent runs against your code, under Standard Contractual Clauses
- OpenAI / Anthropic — the code and telemetry context needed to diagnose and draft the fix, under Standard Contractual Clauses
We publish our full subprocessor list and notify on changes — see subprocessors. We do not claim end-to-end EU-only processing.
How your code is handled
Fetched per run, torn down after
Aient fetches your code per remediation run via your GitHub grant, runs the fixing agent in an isolated, single-tenant sandbox, and tears down the per-run working copy and sandbox afterward. Revoking GitHub access stops all future reads.
Your code is sent to OpenAI/Anthropic only as the context needed to diagnose and draft the fix, under their contractual terms. Code snippets (e.g. stack-trace context) can appear in retained diagnostics — see how we use your data below.
How we use your data
To make the fixes better
We use your telemetry and code samples to improve detection accuracy and fix quality, on the basis of legitimate interest (GDPR Art. 6(1)(f)), pseudonymized or anonymized where feasible and under a documented DPIA. You can object via legal@aient.ai.
Opt-out is an Enterprise term. Standard subscriptions include model-improvement rights; Enterprise customers can contractually opt out and get zero-retention handling. We state this plainly rather than bury it.
Retention. We target a 2-year retention period for telemetry (not guaranteed); source code is deleted within 30 days of account termination; anonymized, derived insights are retained longer; billing records are kept per legal requirement.
Your controls
- Limit Aient to specific repositories.
- Revoke the GitHub App at any time.
- Request a copy or deletion of your data (GDPR DSR).
- DPA available.
Enterprise
- SSO / SAML and audit logs.
- Contractual opt-out of model improvement.
- Custom data retention.
- SOC 2 report when available, and custom data-handling terms.
Compliance
- GDPR — EU storage residency, DPA + SCCs, documented ROPA, data-subject requests honored.
- SOC 2 — program in progress; report available to Enterprise as it matures. We don't claim certification we don't yet hold.
Reporting a vulnerability
Found something? Tell us.
Email security@aient.ai with the details and steps to reproduce. We welcome responsible disclosure and aim to acknowledge within five business days. For sensitive reports, encrypt with our PGP key. Our policy is published at /.well-known/security.txt.
FAQ
Questions, answered
Does Aient merge code on its own?
Where is my data stored?
Do you train on my code?
Can I limit or revoke Aient's access?
Is Aient SOC 2 certified?
Get started
Trust, then fixes
Connect a scoped GitHub App and your telemetry, and keep the merge button. You can revoke or narrow access at any time.