Back to documentation
Ownership & Security

Private and Public Repositories

Choose whether your project's code is private or public, and understand what each setting does and does not protect.

Every project repository is created as private by default: only you, collaborators you invite, and the platform's authorized OAuth access can see the code. You can make it public if you want to — it is your repository — but understand what the setting does and does not do.

What private means

A private repository's code, commit history, and issues are invisible to anyone without explicit access. Your product's source — the pages, logic, and structure the AI built — is not browsable, searchable, or indexable by others. For most businesses this is the right default: your booking logic is not secret exactly, but there is no reason to publish it either.

What private does not mean

  • Your live site is still public. Private code, public product — that is the normal arrangement for almost every website on the internet. Anyone can view your rendered pages and whatever JavaScript ships to the browser.
  • Privacy of code is not where secret-safety comes from. Even in a private repository, secrets do not belong in code. Generated projects keep all secrets in environment variables on Render, never in committed files, so that a repository leak, an accidental visibility flip, or a future open-sourcing decision does not expose credentials. See the Environment Variables guide.

Making a repository public

Reasons you might: sharing your work, open-sourcing a tool, letting a community contribute, or portfolio visibility. To switch, open the repository on GitHub, go to Settings, scroll to the Danger Zone, and change visibility.

Before you flip it, check two things:

  1. Secrets: generated projects are built to be safe here, but if you or a collaborator manually committed a key or password at any point, it lives in the git history, not just the current files. Rotate any credential that ever appeared in a commit — visibility changes do not erase history. GitHub's secret scanning helps but is not a substitute for rotation.
  2. Content: private repos accumulate candid TODO comments and draft copy. A quick read-through before publishing is worth it.

Collaborators

To give a developer or partner access without going public, add them as a collaborator: repository Settings, then Collaborators. You control the permission level (read, write, admin). This is the standard way to bring in professional help while the platform continues to handle change requests.

GitHub plan requirements

GitHub's free plan includes unlimited private repositories with unlimited collaborators, so keeping projects private costs nothing.

Summary: private by default, public by choice, and secret-safe either way because secrets were never in the code to begin with.