Compliance and Data Privacy

GDPR

• Pyvorin does not store raw source code by default.
• Workload hashes are irreversible SHA-256 digests.
• Usage events contain no personally identifiable information.
• Right to erasure: delete local ~/.pyvorin/ directory.

SOC 2

• All API traffic is TLS 1.2+ encrypted.
• License keys are hashed before transmission.
• Access logs are retained for 90 days.

HIPAA

For healthcare workloads:

• Do not enable raw source upload for PHI-containing code.
• Use on-premise / self-hosted compiler if required.
• Sign a BAA with Pyvorin for Enterprise plans.

Data Residency

Enterprise customers can select EU or US API regions:

export PYVORIN_THIN_API_BASE_URL=https://api-eu.pyvorin.com