MeshiaDocs
All docsPricing
Continue
All docs
Getting started
Your first sessionThe workspaceSSH access
Core concepts
Agent rolesSoon
ExperimentsResearch plans
CanvasSoon
WorkflowsSoon
Integrations
GitHub
WebhooksSoon
Notifications
Platform
Billing and plansAgent memoryMulti-chatKeyboard shortcuts
Reference
GPU catalogAgent toolsSecurityLimits and quotas
Reference

Security

How Meshia handles your data

Your code and data live on an isolated GPU pod provisioned just for your session. Pods are single-tenant; no other user shares your machine. While the session is active, /workspace is backed by a per-session workspace volume. When you stop a session, Meshia releases compute and attempts to release that workspace volume too. Chat history, events, and exported artifacts persist in Meshia; raw workspace files persist only when Meshia explicitly retains a volume for recovery/resume.

Network isolation

Each pod runs in its own network namespace. Pods cannot communicate with each other. Inbound traffic is restricted to your authenticated session connection and SSH (if you've configured a key). Outbound traffic is unrestricted so your agent can download datasets, clone repos, and install packages.

Authentication

Meshia uses one-time 6-digit email codes for authentication. No passwords are stored. Session tokens expire after 30 days of inactivity. Meshia is not currently a public API-key product; app routes stay behind the signed-in web session.

Secrets management

If your workflow needs API keys (OpenAI, Hugging Face, Weights & Biases, etc.), add them in Settings > Environment. They're encrypted at rest with AES-256-GCM and synced to new and active pods through the authenticated pod channel. The agent can use them at runtime; values are scrubbed from chat and tool output and never shown after save.

The agent actively scans for secrets before committing code. If it detects an API key, password, or token in staged files, it refuses to commit and tells you what it found.

Git safety

All Git operations follow strict safety rails documented in the GitHub integration page. The short version: no force push, no merge to main, no destructive operations, no secrets in commits. These rules are enforced at the platform level and cannot be overridden.

Data retention

  • Workspace filesystem: released on normal stop; retained only when Meshia keeps a recovery volume for resume
  • Chat, terminal logs, and session events: retained with the session record
  • Experiment data (metrics, configs, artifacts): retained per your plan (30 days on Trial, unlimited on Pro)
  • Agent memory: retained until you delete it from Settings > Memory
  • Account data: retained until you delete your account. Email shiva@meshia.io to request full deletion.

SOC 2 and compliance

We're pre-SOC 2. If your organization requires compliance documentation, email shiva@meshia.io and we'll work through your security questionnaire directly.

← Agent toolsLimits and quotas →