Skip to main content

Privacy

Last updated · 2026-07-03

  1. 01

    Scope

    This policy covers opencovenant.org (this site), docs.opencovenant.org (the documentation), and sandbox.opencovenant.org (the public sandbox). The marketing and docs sites are static informational pages. The sandbox runs anonymous coding tasks inside ephemeral, single-use microVMs that are torn down when the run finishes. None of these sites ask you to sign up. This policy also covers Covenant Guard (the covguard binary, its Claude Code plugin, and its MCP server), which runs entirely on your machine; see the Covenant Guard section below.

  2. 02

    What we collect

    Contact form (opencovenant.org). Your name, email address, and the message you write. We receive them in our inbox so we can reply.

    Sandbox (sandbox.opencovenant.org).

    • The text of the build request you submit (the “intent”).
    • Output of the run, including files the agent wrote in the sandbox, terminal output, and the response, held only long enough to render it back in your browser.
    • Your IP address (or the right-most value of X-Forwarded-Forfrom a proxy we trust), held in memory to enforce a per-IP rate limit so a single client can't drain the daily budget. It is not written to disk.
    • Entries in the append-only audit chain the daemon writes for each run, covering agent name, tool invocations, run durations, and the paths and byte counts of files the sandbox wrote. The intent text is included.

    Bot detection. The sandbox uses Cloudflare Turnstile in interaction-only mode to refuse automated traffic. Cloudflare receives the device and network signals it needs to score the request. We reference Cloudflare's Turnstile Privacy Addendum (published as part of Cloudflare's privacy policy at cloudflare.com/privacypolicy) for the specific signals Turnstile processes and how Cloudflare uses them. Loading the widget sets short-lived cookies on Cloudflare's challenge subdomain.

    Cookies, analytics, tracking. None on opencovenant.org or docs.opencovenant.org. None on sandbox.opencovenant.org other than the Cloudflare cookies described above.

  3. 03

    Covenant Guard (covguard)

    Local software, no backend. The covguard binary, the Covenant Guard plugin for Claude Code, and the bundled MCP server run entirely on your machine. We operate no service behind them and receive nothing from them: no telemetry, no analytics, no crash reports, and no accounts.

    Model traffic.During a guarded run, your coding agent's model calls pass through a metering proxy that listens only on your machine's loopback interface and forwards them directly to the model provider the agent uses (for example api.anthropic.com or api.openai.com), under that provider's own privacy policy. covguard reads usage figures from those responses in memory to count spend; it does not send your prompts, code, or the model's responses anywhere else, and it does not store their content.

    What it stores, and where. Receipts, event logs (run timings, token counts, computed cost, files changed in the workspace, and commands the agent reported), share cards, and the local signing key are files on your own disk under ~/.covenant-guard (or COVGUARD_HOME). They stay there unless you choose to share them. Deleting that directory deletes them.

    The plugin and MCP server. The /guard command and the MCP tools (guard_status, guard_receipts, guard_verify) only read that local state. The session hook reports run events to the loopback proxy of an active guarded run on your machine. None of these components talk to us.

    Downloads. Installing covguard fetches release binaries from GitHub, which sees the download request under GitHub's privacy statement. The install script itself is served by this site and is covered by the sections above.

  4. 04

    How we use it

    • Reply to your contact message.
    • Run your sandbox task and stream the result back to your browser.
    • Refuse bot traffic and rate-limit clients that try to exhaust the daily budget.
    • Keep a tamper-evident record of what each run did. The audit chain is one of Covenant's core security guarantees.
    • We don't sell what we collect. We don't share it with advertising networks. There are no advertising networks on these sites.
  5. 05

    Third parties

    • Cloudflare. Bot detection on the sandbox via Turnstile, in interaction-only mode. See cloudflare.com/privacypolicy and the Turnstile Privacy Addendum referenced there.
    • Resend. Delivers the contact form emails to our inbox. See resend.com/legal/privacy-policy.
    • Anthropic. Runs the underlying coding model that powers sandbox runs. Your intent text and any context the model needs to do its job are sent to Anthropic. See anthropic.com/legal/privacy.
    • E2B. Provisions the ephemeral microVM your sandbox run executes in. See e2b.dev/privacy.
  6. 06

    Retention

    • Contact emails. Until we delete them from our inbox. No automated deletion schedule.
    • Sandbox run output and audit chain.Kept as long as the daemon's store keeps it. The chain is designed for tamper-evident retention, not aggressive deletion.
    • Rate-limit state. In memory only. Cleared when the gateway restarts.
  7. 07

    Your choices

    • The sandbox needs no account. If you don't want a request recorded, don't submit it.
    • To ask us to delete a contact message or a specific sandbox run, write us via contact.
    • Blocking Cloudflare cookies will block the Turnstile check, which will prevent sandbox submissions.
  8. 08

    Security disclosures

    Report a security issue via contact. We aim to acknowledge within a few business days.

  9. 09

    Changes

    When we change this policy, the “last updated” date at the top moves and the change is committed to the public repository at github.com/open-covenant/covenant.

  10. 10

    Contact

    Questions about this policy: opencovenant.org/contact.