Security & Privacy

Source Code Handling

By default, Pyvorin does not upload raw source code. It sends a SHA-256 hash of your source to the compile API. Raw source upload is opt-in via PYVORIN_THIN_SEND_SOURCE=1.

License Key Security

Your license key is stored locally in thin_config.json. When transmitted to the server, it is hashed (SHA-256) — the raw key is never sent in plain text.

Telemetry

Usage events contain:

• License key hash (not the raw key)
• Workload hash (not the raw source)
• Backend used, fallback status, correctness result
• Execution time

Events are non-billable if correctness fails or fallback was used. You can disable telemetry: pyvorin telemetry off

Local Data

• ~/.pyvorin/cache — compiled artifact cache
• ~/.pyvorin/usage — local usage event JSON files
• ~/.pyvorin/queue — offline event queue