Security & privacy
What we touch, what we keep, and what never leaves your machine.
Your microphone
Audio streams only during a call you have picked up, and only for as long as the call is live. Hanging up ends the stream. We don't record or store call audio — the one exception is a voicemail you missed, which is synthesized speech of a text brief (not your voice) and is listed in your dashboard for you to delete.
Your code never leaves your machine
Dispatched work runs through the local connector — the same coding agent you already run, on your own hardware, under your own credentials. callsend never holds your repository keys and never clones your private code to our servers.
GitHub access is read-only and revocable
The demo and spoken briefs read repositories, pull requests, and CI through a read-only GitHub App you install and can revoke at any time. We request no write scopes.
The demo sandbox is isolated
The zero-install demo can run one small agent task in a throwaway container with no network access, no credentials mounted, dropped Linux capabilities, and a hard time and resource cap. It only ever touches a public repository you point it at, and it's destroyed after the run.
Tokens and abuse limits
Per-call tokens are single-purpose and compared in constant time. Calls have a wall-clock ceiling and per-call limits on research and lookups, so a shared demo link can't run up unbounded cost.
Payments
Billing is handled by Polar as the merchant of record — card details go to Polar, not to us, and VAT is handled for you.
Reporting an issue
Found something? Email [email protected] — see also security.txt.