Actofy moves source code, diffs, logs, and prompts between your machine, sandboxes, model providers, and (only if you opt in) hosted runners. This page is the customer-facing trust contract.
Principles
- Local-first by default — repo state and run metadata stay on your Mac unless you choose hosted runners.
- No surprise egress — anything that sends repo content or prompts outside your process uses a named surface (BYOK key, hosted runner, connector) visible in Settings.
- Customer keys, customer contracts — with BYOK, your relationship with OpenAI or Anthropic is direct under their API terms.
- Evidence over claims — trust assertions on this site match shipped behavior; we tag roadmap items honestly.
What leaves your machine
- Prompts and tool outputs sent to the LLM via your API key (BYOK)
- OAuth tokens for source control — stored encrypted in your local credential vault
- Optional: hosted sync, team audit logs, and cloud runners when you subscribe to Team+ tiers
What we do not do
- We do not use your proprietary codebase to train our models
- We do not silently exfiltrate repo content to undisclosed third parties
- We do not merge or deploy without an explicit Checkpoint approval (unless your workspace policy explicitly allows it)
Enterprise customers: contact sales@actofy.ai for subprocessor lists, retention windows, and DPA review. Detailed retention SLAs and SOC 2 posture are on the roadmap.