guides
Compliance and Data Privacy
GDPR, SOC 2, and HIPAA considerations when using Pyvorin.
Published May 30, 2026
GDPR
- Pyvorin does not store raw source code by default.
- Workload hashes are irreversible SHA-256 digests.
- Usage events contain no personally identifiable information.
- Right to erasure: delete local
~/.pyvorin/directory.
SOC 2
- All API traffic is TLS 1.2+ encrypted.
- License keys are hashed before transmission.
- Access logs are retained for 90 days.
HIPAA
For healthcare workloads:
- Do not enable raw source upload for PHI-containing code.
- Use on-premise / self-hosted compiler if required.
- Sign a BAA with Pyvorin for Enterprise plans.
Data Residency
Enterprise customers can select EU or US API regions:
export PYVORIN_THIN_API_BASE_URL=https://api-eu.pyvorin.com