Pyvorin Docs

Security & Privacy

Pyvorin is built with a security-first, privacy-by-default model. No secrets are stored in the thin client wheel, and source upload is opt-in.

Security Model

Zero Secrets in the Thin Wheel

The pyvorin-thin package contains no embedded API keys, certificates, or credentials. All authentication is derived from your licence key, which is stored locally and hashed before transmission.

HMAC Artifact Signing

Compiled artifacts returned from the remote compiler are signed with HMAC-SHA256. The thin client verifies the signature before loading any shared object, preventing tampering in transit or at rest.
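The verification step described above, as an added example that is not code from the pyvorin-thin package: the session key, the hex tag encoding and the artifact file name are assumptions for illustration, since the page does not specify the key derivation or tag format.

```python
# Added example, not Pyvorin's own code. Assumed: the compiler returns the
# artifact bytes plus a hex-encoded HMAC-SHA256 tag, and the client holds the
# shared key. The point is that nothing reaches a loader (e.g. ctypes.CDLL)
# until the tag has been checked with a constant-time comparison.
import hashlib
import hmac
import os
import tempfile


def compute_artifact_tag(key: bytes, artifact: bytes) -> str:
    """Hex HMAC-SHA256 tag over the full artifact bytes."""
    return hmac.new(key, artifact, hashlib.sha256).hexdigest()


def verify_artifact(key: bytes, artifact: bytes, expected_tag: str) -> bool:
    """compare_digest avoids leaking how many tag bytes matched via timing."""
    return hmac.compare_digest(compute_artifact_tag(key, artifact), expected_tag)


def load_verified(path: str, key: bytes, expected_tag: str) -> bytes:
    """Read the shared object and return its bytes only if the tag checks out.
    Raises before the bytes could be handed to any loader."""
    with open(path, "rb") as fh:
        data = fh.read()
    if not verify_artifact(key, data, expected_tag):
        raise ValueError(f"artifact {path!r} failed HMAC verification; refusing to load")
    return data


def demo_tampered_file() -> bool:
    """Constructed scenario: the artifact is modified at rest after signing.
    Returns True if load_verified refused it."""
    key = b"constructed-session-key"          # constructed, not a real key
    artifact = b"\x7fELF constructed shared object bytes"
    tag = compute_artifact_tag(key, artifact)  # tag issued over the clean bytes
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "compiled.so")
        with open(path, "wb") as fh:
            fh.write(artifact + b"\x90")       # one appended byte = tampering
        try:
            load_verified(path, key, tag)
        except ValueError:
            return True
    return False
```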

Sandboxed Compile Worker

Remote compilation runs inside isolated workers with restricted filesystem and network access. Compilation jobs cannot access customer data, other jobs, or the host environment.

Input Validation

The thin client rejects suspicious files before upload:

  • Files containing hardcoded secrets or credential patterns
  • Files with unsafe import patterns
  • Non-Python files passed to the compile command

Privacy Practices

Source Upload is Disabled by Default

By default, the thin client sends only a fingerprint (hash) of your code. Raw source is never uploaded unless you explicitly:

  1. Pass --include-source to the compile command, and
  2. Set PYVORIN_THIN_SEND_SOURCE=1 in your environment.

Telemetry Can Be Disabled

Telemetry is enabled by default to help us improve the compiler. You can disable it at any time:

pyvorin-thin telemetry off

Or set the environment variable:

export PYVORIN_THIN_TELEMETRY_ENABLED=false

Data Retention

When telemetry or usage events are enabled:

  • Local queue events are retained for 30 days by default (configurable via queue_retention_days).
  • Server-side retention follows the Pyvorin data policy outlined in the Privacy Policy.

No Secondary Use of Raw Source on Opt-In Uploads

Even when source upload is enabled, Pyvorin does not use your code for model training, redistribution, or third-party sharing. It is used solely for compilation and debugging the specific job.

GDPR Notes

  • Lawful basis: Usage data is processed under legitimate interest for service delivery and fraud prevention.
  • Data minimisation: Only hashed identifiers, timing metrics, and error summaries are collected. No PII is required.
  • Right to deletion: Contact support to request deletion of account-associated data.
  • Right to object: Disabling telemetry stops all non-essential data collection immediately.

Compliance Checklist

Control                                  Status
No secrets in package                    ✅ Verified
Licence key hashed before transmission   ✅ Verified
Artifact HMAC signing                    ✅ Verified
Sandboxed compilation workers            ✅ Verified
Source upload opt-in only                ✅ Verified
Telemetry opt-out supported              ✅ Verified