Security

How anytool keeps your tools and data safe

Sandboxed Execution

All tool execution happens in isolated, sandboxed environments. Each tool runs independently and cannot access other tools or user data.

Isolation Features

  • Separate execution context per tool
  • No access to file system
  • Limited network access (approved APIs only)
  • No access to environment variables
  • Cannot spawn child processes

Resource Limits

Tools are constrained to prevent abuse and ensure fair usage:

Execution Time

Tools automatically timeout after 30 seconds. This prevents infinite loops and long-running processes.

Memory

Each tool has a memory limit to prevent excessive resource consumption.

Rate Limiting

API requests are rate-limited to prevent abuse:

  • 100 tool generations per day
  • 1,000 tool executions per day
  • Limits can be increased for premium users

Data Privacy

Tool Code

Generated tool code belongs to you. By default, tools are private and only visible to your account.

Execution Data

Tool inputs and outputs are stored for 90 days to provide execution history. This data is private and encrypted at rest.

Data Deletion

When you delete a tool:

  • The tool code is permanently removed
  • All execution history is deleted
  • Data cannot be recovered

Authentication

anytool uses industry-standard authentication:

  • OAuth 2.0 for third-party integrations
  • Secure session management
  • API keys for programmatic access
  • Automatic session expiration

MCP Security

When connecting via MCP:

  • All communication is encrypted via HTTPS
  • OAuth authentication required for each client
  • You control which applications can access your tools
  • Revoke access anytime from your dashboard
  • Access logs available for audit

Code Generation

AI-generated code is reviewed for common security issues:

  • No execution of arbitrary system commands
  • No file system access
  • Limited to safe NPM packages
  • Input validation encouraged

Your Responsibility

While we provide security guardrails, you should:

  • Review generated code before using in production
  • Not input sensitive data (passwords, API keys) into tools
  • Be cautious with public tools
  • Report security concerns to security@anytoolhq.com

Infrastructure

anytool infrastructure follows best practices:

  • Encrypted data in transit (TLS 1.3)
  • Encrypted data at rest
  • Regular security audits
  • Automated vulnerability scanning
  • Incident response plan

Reporting Issues

If you discover a security vulnerability:

  1. Email security@anytoolhq.com
  2. Include detailed steps to reproduce
  3. Do not publicly disclose until we've addressed it
  4. We'll respond within 48 hours

Compliance

We take compliance seriously:

  • GDPR compliant for EU users
  • CCPA compliant for California users
  • Regular third-party security assessments