Security & Privacy - Pyvorin Docs

Source Code Handling

By default, Pyvorin does not upload raw source code. It sends a SHA-256 hash of your source to the compile API. Raw source upload is opt-in via PYVORIN_THIN_SEND_SOURCE=1.

License Key Security

Your license key is stored locally in thin_config.json. When transmitted to the server, it is hashed (SHA-256) — the raw key is never sent in plain text.

Telemetry

Usage events contain:

License key hash (not the raw key)
Workload hash (not the raw source)
Backend used, fallback status, correctness result
Execution time

Events are non-billable if correctness fails or fallback was used. You can disable telemetry: pyvorin telemetry off

Local Data

~/.pyvorin/cache — compiled artifact cache
~/.pyvorin/usage — local usage event JSON files
~/.pyvorin/queue — offline event queue