Security & data handling
Your code is yours. We built around that.
Corvi's security model is tied to your tier. Below is exactly where your data lives, how it's protected, and what we can and can't see — written plainly, no hand-waving.
Personal
Local-only
On Free and the one-time license, your plans and workspace data never leave your Mac unless you explicitly send a request to a model provider with your own key. There's no Corvi account and no Corvi server in the loop.
Pro & Team
End-to-end encrypted (zero-knowledge)
Sync is encrypted on your device before it leaves. Keys are derived on your devices; Corvi's servers store only ciphertext and cannot read your plans. We sync to let your devices and teammates share — not to see your content.
Enterprise
Self-hosted
Run the relay and storage inside your own environment. Your data stays within your network and policies; Corvi never touches it. Pair with SSO, audit exports, and data-residency controls.
How we protect your data
Encryption at rest & in transit
All network traffic uses TLS. Synced data is end-to-end encrypted on Pro and Team; local credentials are encrypted at rest on your Mac.
An egress audit — "what left this machine"
Every outbound tool call is opt-in per integration, capped by a fetch budget, and recorded with its arguments hashed. You can see precisely what data left your machine and why.
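A minimal sketch of the three properties above (per-integration opt-in, a fetch budget, and records that keep only a hash of the arguments), added here as an illustration. It is not Corvi's code: `EgressGate`, `hash_args`, the record fields and the integration name are hypothetical, and the sample call is constructed.

```python
import hashlib
import json
import time

class EgressDenied(Exception):
    """Raised when an outbound call is not opted in or exceeds the budget."""

def hash_args(args: dict) -> str:
    # Canonical JSON (sorted keys, fixed separators) so equal arguments hash equally.
    blob = json.dumps(args, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return hashlib.sha256(blob).hexdigest()

class EgressGate:
    """Hypothetical gate: decides and records; the actual network send is out of scope."""
    def __init__(self, fetch_budget: int):
        self.enabled = set()           # integrations the user has opted into
        self.remaining = fetch_budget  # outbound calls still permitted
        self.log = []                  # append-only audit records

    def opt_in(self, integration: str) -> None:
        self.enabled.add(integration)

    def call(self, integration: str, tool: str, args: dict, reason: str) -> dict:
        # Denials are recorded too, so the audit shows attempts as well as sends.
        if integration not in self.enabled:
            self._record(integration, tool, args, reason, "denied:not_opted_in")
            raise EgressDenied(f"{integration} is not enabled")
        if self.remaining <= 0:
            self._record(integration, tool, args, reason, "denied:budget_exhausted")
            raise EgressDenied("fetch budget exhausted")
        self.remaining -= 1
        return self._record(integration, tool, args, reason, "allowed")

    def _record(self, integration, tool, args, reason, outcome) -> dict:
        # Only the digest is stored; the raw arguments never enter the log.
        rec = {"ts": time.time(), "integration": integration, "tool": tool,
               "args_sha256": hash_args(args), "reason": reason, "outcome": outcome}
        self.log.append(rec)
        return rec

    def left_machine(self, args: dict) -> list:
        """Audit query: allowed calls whose argument digest matches `args`."""
        digest = hash_args(args)
        return [r for r in self.log
                if r["outcome"] == "allowed" and r["args_sha256"] == digest]

if __name__ == "__main__":
    gate = EgressGate(fetch_budget=2)
    gate.opt_in("issue-tracker")  # constructed integration name
    gate.call("issue-tracker", "fetch_issue", {"id": 7}, "plan context")
    print(json.dumps(gate.log, indent=2))
```

In this sketch the digest is unkeyed, so short or predictable arguments could be recovered by guessing; a keyed HMAC with a locally held key avoids that.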
A security broker as a trust boundary
The engine reads your repository only through a broker that scopes what it can see to the workspace you choose. Untrusted content is wrapped before it reaches a model.
Bring your own model keys
Provider keys are yours. Corvi resolves them from your environment or encrypted local storage — never from a shared Corvi-held credential.
Subprocessors
The list below is a placeholder pending launch. Personal/local-only usage involves no Corvi subprocessors at all.
| Subprocessor | Purpose | Region |
|---|---|---|
| Model providers | AI inference (only when you invoke a run, with your key) | US / EU |
| Cloud sync provider (placeholder) | Stores end-to-end encrypted ciphertext (Pro/Team) | EU |
| Collaboration relay (placeholder) | Real-time multiplayer transport (Team) | EU |
| Error monitoring (placeholder) | Crash & diagnostics (opt-in) | EU |
Compliance & certifications
We'd rather be honest than aspirational: Corvi does not yet hold SOC 2 or ISO 27001. We'll pursue formal certification as Enterprise demand warrants it, and we'll publish progress here. In the meantime, self-hosting keeps your data entirely within your own compliance boundary.