# Where your data lives Seal stores the operational state of your tenant on the Seal Platform: the packages it has discovered, the vulnerabilities associated with them, the Sealing Rules you have created, your Seal Projects' configuration, your tenant's users and tokens. This is the data the UI displays, the CLI works against, and the API exposes. What Seal sees varies with the [package discovery mode](/new-documentation/new-docs/package-discovery-mode.md) of each Seal Project. ## Source code mode Seal connects to your source control (GitHub, GitLab, or Azure DevOps), reads dependency manifests directly, and uses the resolved dependency graph to record the packages discovered for that Seal Project. Seal does not retain your source code; it parses manifests for the package list and stores that. For GitHub, the Seal GitHub App may also open automatic pull requests against your repositories when configured. Those PRs are written into your repository like any other PR. ## CLI mode Seal sees only what the Seal CLI reports during a CI/CD run. The CLI inspects your build's dependency tree, sends the package list to the platform, and applies sealing actions. **The platform does not receive your source code; it receives only the package list and fix-result telemetry the CLI reports.** This is the path most often chosen by source-restricted organizations. Seal can fully operate without read access to your source code. ## Artifact server mode Seal sees only the sealed packages your build pulls from the Seal Artifact Server. There is no upfront record of what is in your project; the platform's view fills in over time as your CI/CD pulls artifacts. ## Imported manifest mode You upload a manifest file or SBOM once; Seal parses it and records the discovered packages. There is no ongoing connection between Seal and the source of the manifest; the result is a snapshot at the time of upload. ## What Seal never sees In any package discovery mode, Seal does not see: * Your application's source code (other than what is required to parse manifests in source code mode). * Your customer data or production traffic. * Your secrets, credentials, or environment variables. * Anything outside the dependency graph. The only data Seal retains about your environment is the discovered-package list and what you create in the platform (Sealing Rules, Scanner Exclusions, and so on). --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.sealsecurity.io/new-documentation/new-docs/architecture/where-your-data-lives.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.