Security
How Aria keeps your work safe — per-agent isolated sandboxes, least-privilege access, scoped repository permissions, and encryption in transit.
This is a template — review with counsel before relying on it. It is provided for illustration and does not constitute legal advice.
Per-agent sandbox
1 of 1
Connected repos
scoped
In transit
TLS 1.3
Security as a default, not a feature.
Aria runs a whole company of autonomous agents on your behalf. Because those agents take real actions — reading code, opening pull requests, deploying — security can't be an afterthought. It's the foundation the platform is built on.
The guiding ideas are simple: isolate everything, grant the least access necessary, and never touch what you haven't connected. Below is how that plays out in practice.
Every agent runs in its own contained environment.
Each agent operates inside its own isolated sandbox — a contained execution environment with its own filesystem and process boundary. One workspace cannot see or reach into another, and a single agent's blast radius is confined to the sandbox it runs in.
Agents reach only what you explicitly authorize.
Aria has no standing access to your systems. Agents can only touch a repository, service, or resource after you explicitly connect it and approve the scope. Nothing is connected by default.
Narrow, revocable permissions on the repos you select.
When you connect a code host such as GitHub, Aria requests the minimum scope needed to do the work you've asked for, on the repositories you select — not your whole account.
What we store, where, and how it’s protected.
We store the minimum needed to run your company: account details, connected project content, session transcripts, and operational telemetry. Access to production data is restricted to a small set of authorized personnel on a need-to-know basis, and such access is logged.
Your data is protected as it moves.
All traffic between you, the platform, and the services we depend on is encrypted in transit using modern TLS. Credentials and tokens for your connected integrations are stored encrypted and handled as secrets, never exposed in logs or transcripts.
We follow current best practices for key management and rotate secrets on a regular schedule. As the platform matures we continue to harden encryption at rest across our storage layers.
Found something? We want to hear from you.
We welcome reports from security researchers and act on them quickly. If you believe you've found a vulnerability, please report it to us privately so we can investigate and fix it before it's disclosed publicly.
We'll acknowledge your report, keep you updated on our progress, and credit researchers who help us keep Aria safe — with their permission.
How to reach our security team.
For vulnerability reports, email security@stackbooster.io. For general security questions or to request our current sub-processor list and practices, use the contact page.
Talk to a human. We're happy to walk through how any of this applies to your company.