Security & Trust
Security is not a feature - it is the foundation of every compilation, every artifact and every byte we move. Below is how Pyvorin protects your code, your data and your users.
Security Model Overview
Defense in Depth
Multiple independent layers protect against single-point failures: licence validation, session hardening, sandboxed builds and artifact signing.
Observability First
Every access, build and fallback is logged. Anomalies trigger alerts. Logs are immutable and retention-bound.
Zero-Trust Networking
Internal services authenticate every request. Network boundaries are enforced at the application layer, not just the firewall.
Correctness by Default
Every compiled result is checked against CPython output. Unsupported constructs never silently degrade - they fail safe.
Authentication Layers
Licence Key
Every installation is bound to a cryptographically signed licence key. Keys are validated server-side on activation and periodically refreshed. Revocation is immediate and global.
Session Management
Web sessions use httpOnly, secure, SameSite=Strict cookies with rotated signatures. Idle timeout is 30 minutes; absolute timeout is 8 hours.
JWT (API Access)
API tokens are short-lived RS256-signed JWTs with explicit audiences and scopes. Refresh tokens are bound to a device fingerprint.
Role-Based Access Control (RBAC)
Permissions are granted through roles, not direct privileges. Roles are versioned and changes are audited. The principle of least privilege is enforced by default.
Build & Runtime Security
Artifact Signing
Every compiled artifact is signed with HMAC-SHA256. The build pipeline verifies the signature before distribution; the runtime verifies it before loading.
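An added example, not Pyvorin's own code: a sign-then-verify-before-load check with HMAC-SHA256 that fails closed on tampered, truncated or wrongly keyed artifacts. The envelope layout (payload followed by a 32-byte tag), the function names and the sample key are assumptions made for illustration.

```python
import hashlib
import hmac

TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag


class SignatureError(Exception):
    """Raised when an artifact fails verification and must not be loaded."""


def sign_artifact(key: bytes, payload: bytes) -> bytes:
    """Build step: return the payload with its HMAC-SHA256 tag appended."""
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return payload + tag


def verify_artifact(key: bytes, blob: bytes) -> bytes:
    """Distribution/runtime step: return the payload only if the tag matches."""
    if len(blob) < TAG_LEN:
        raise SignatureError("artifact shorter than a signature tag")
    payload, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # compare_digest runs in constant time, so a mismatch leaks no timing hint
    if not hmac.compare_digest(expected, tag):
        raise SignatureError("signature mismatch: refusing to load artifact")
    return payload


def load_if_valid(key: bytes, blob: bytes):
    """Verify first; only verified bytes reach the (stand-in) loader."""
    try:
        return verify_artifact(key, blob)
    except SignatureError:
        return None  # fail closed: nothing is loaded


# Constructed sample data, not real key material or a real artifact.
KEY = b"constructed-demo-key-not-for-production"
ARTIFACT = sign_artifact(KEY, b"\x7fELF constructed compiled module bytes")
TAMPERED = bytes([ARTIFACT[0] ^ 0x01]) + ARTIFACT[1:]  # flip one payload bit

if __name__ == "__main__":
    print("intact:", load_if_valid(KEY, ARTIFACT) is not None)
    print("tampered:", load_if_valid(KEY, TAMPERED) is not None)
    print("wrong key:", load_if_valid(b"other-key", ARTIFACT) is not None)
    print("truncated:", load_if_valid(KEY, ARTIFACT[:10]) is not None)
```

Because HMAC is symmetric, this check assumes the verifying side holds the same secret key as the signer.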
Sandboxing
Compiler workers run inside best-effort Linux namespaces (unshare) with setrlimit constraints on CPU, memory and file descriptors. Full container sandboxing is on the roadmap.
Correctness Verification
Every compiled result is checked against CPython output on a representative input set. Any mismatch aborts the build and returns a detailed diff.
Fallback Safety
Unsupported language constructs never silently degrade to interpreted mode. The compiler rejects them with a precise error and suggestions for refactoring.
Data Handling
- Minimal collection: We only store what is required for licensing, billing and support. Source code is processed in memory and never persisted unless explicitly opted in.
- Server-authoritative billing: All usage counters are computed server-side. Clients report telemetry, but the server is the single source of truth for invoices and limits.
- Encryption at rest and in transit: TLS 1.3 for all public traffic. AES-256-GCM for data at rest. Key material is stored in a hardware-backed keystore where available.
- Retention limits: Build logs are retained for 90 days. Telemetry aggregates are retained for 12 months. You can request deletion at any time via support@pyvorin.com.
Planned Hardening
mTLS Everywhere
Mutual TLS between all internal services. Certificate pinning for CLI-to-API connections.
Request Signing
HMAC-SHA256 request signatures for API calls with replay-window nonces.
Container Sandbox
gVisor or Firecracker-based micro-VMs for every compiler worker. Full network isolation.
Compliance
SOC 2 Type II
Audit in progress. Target: Q3 2026.
GDPR
Data Processing Agreement available on request. EU data residency planned.
Responsible Disclosure
If you discover a security vulnerability, please report it directly to our security team. We respond to all reports within 48 hours and publish coordinated disclosures once fixes are deployed.
1. Encrypt sensitive details with our PGP key (on request).
2. Do not publicly disclose until we confirm the fix is live.
3. We do not pursue legal action against researchers who act in good faith.