Hi @muffintheman! I’d suggest using a pattern like the one described here:
…which shows how to do “something conditional per branch during build”. You could put a robots.txt in place ONLY on branch deploys, or set a password as mentioned there - both will be effective for SEO. You could also just not link those branches anywhere google would find them 
We do AUTOMATICALLY do this at deploy preview URL’s (how we build your PR’s) for you - we send an HTTP response header X-robots-tag: noindex to prevent THOSE from being indexed directly (these have URL’s like https://somelonghash--yoursitename.netlify.com).