Security, described honestly.
Every project runs in an isolated sandbox on dedicated hosts, every change is verified and snapshotted, and everything you build stays exportable. No compliance theatre - just the controls that actually exist.
- Per-project
- Isolated sandbox containers
- 1 click
- Full code + history export
- 0
- Private projects used for training
What ships with every plan.
No lock-in
Your project exports as a complete working codebase any time, and your full activity history exports as CSV. Leaving is always one click away.
Isolated sandboxes
Generated code runs in its own container on a dedicated sandbox host - never on the machines that serve the app or store user data. gVisor kernel isolation supported.
Encryption in transit
TLS on every connection: the app, every project preview URL, every deployment.
Sessions & access
HTTP-only session cookies via Better-Auth, GitHub OAuth or email + password. Admin surfaces are role-gated server-side.
Audit log export
Every agent turn, deployment, and credit movement is exportable as CSV from your account. Self-serve, any time.
Payments by Stripe
Stripe handles every card. We never see or store card numbers - only a customer token and the last four digits.
Running a vendor review?
Send your questionnaire to security@braincell.sh and you'll get answers from the people who wrote the code, typically within 24 hours on weekdays. A signed DPA (GDPR / UK-GDPR) is available for paid plans via legal@braincell.sh.
Security questions.
No. Private projects are never used to train shared models. The only models that touch your code are the inference calls you explicitly trigger.
Build with confidence.
Isolated sandboxes, verified changes, exportable history - and the source code to prove all three.