Trust Center
This Trust Center provides comprehensive documentation of Context Pilot's security architecture, data handling practices, compliance posture, and third-party service integrations. It is designed to support enterprise security reviews, vendor risk assessments, and procurement due diligence.
At a Glance
Quick-reference summary for security review teams and procurement questionnaires.
| Question | Answer |
|---|---|
| Does Context Pilot collect user data? | No. No data collection infrastructure exists. |
| Does Context Pilot operate cloud servers? | No. All processing occurs on the operator's workstation. |
| Does Context Pilot include telemetry? | No. Zero analytics, tracking, or phone-home mechanisms. |
| Where is data stored? | Locally, in `.context-pilot/` within the project directory. |
| What data leaves my machine? | Only data you explicitly send to your configured LLM/search/OCR providers. |
| Is the source code auditable? | Yes. Fully open-source under the MIT License on GitHub. |
| What license? | MIT License. Permissive, no copyleft, commercial use allowed. |
| SOC 2 / ISO 27001 certified? | Not applicable (no cloud service). Controls are documented. |
| GDPR compliant? | Compatible by architecture. See Compliance. |
| Can it run air-gapped? | Core features: yes. LLM inference requires API connectivity. |
| Vulnerability reporting? | GitHub Security Advisories |
| Does it use cookies? | No. Zero cookies, tracking pixels, or advertising identifiers. |
Project Statistics
Quantitative indicators of the project's maturity, engineering rigor, and security posture.
65,000+ Lines
Rust + TypeScript source code across the agent, orchestrator, and web frontend.
760+ Commits
Complete, auditable development history in a public Git repository.
1,001 Lint Rules
980 at forbid level, 21 at deny level. No suppressions are allowed without a hash chain update.
22 Crates
Modular workspace architecture. Each crate has a single responsibility.
12 Protected Files
SHA-256 hash chain prevents unauthorized changes to security-critical configuration.
0 Telemetry Calls
No analytics, tracking, crash reporting, or phone-home mechanisms. Verifiable in source.
Security Posture Summary
Context Pilot operates under a local-first architecture with no cloud infrastructure, no intermediary proxies, and no telemetry collection. The following controls are enforced at the architectural level.
Local-First Execution
All processing occurs on the operator's workstation. No cloud infrastructure exists for data to be transmitted to.
Zero Telemetry
No analytics, usage tracking, crash reporting, or phone-home mechanisms. Network egress is limited to user-configured API providers.
Open Source (MIT)
Complete source code is publicly auditable under the MIT license. Every network call, file operation, and tool invocation is verifiable.
API Key Isolation
Credentials are stored locally and transmitted only to their designated provider endpoint. No cross-provider or intermediary routing occurs.
Documentation
Select a topic below for detailed documentation. Each section is designed to address specific categories commonly required during enterprise security assessments.
Security Architecture
Data flow architecture, encryption practices, integrity controls, access model, and incident response procedures.
Data Privacy
Data classification, storage locations, retention policies, data subject rights, and privacy-by-design controls.
Compliance Framework
Regulatory alignment assessment including GDPR, SOC 2, ISO 27001, and open-source licensing obligations.
Subprocessor Register
Complete inventory of third-party services, data transmitted, opt-in requirements, and provider-specific data processing details.
Contact
For security-related inquiries, vendor risk assessment questionnaires, or to report a vulnerability, please use the appropriate channel below.