|
|
|
|
|
|
by egamirorrim
14 days ago
|
|
|
How can I have any confidence in the security of your product? It's extremely hard to convince myself to use a product for the huge variety of often sensitive agent tasks when it's not open source. I understand the business reasons for that, but it's unusual in this space at the moment. Instead: Can you post any independent security assessments perhaps? Fundamental things like SOC2? |
|
|
The basic answer is that it runs locally. If you turn telemetry off and don't use our free Gemini credits, it's trivial to verify that no traffic goes to our servers other than a tiny subscription check. For our enterprise customers, we offer a version that doesn't even do that. Everything stays between you and your model providers (and we support custom and local models).
SOC2 is still a work in progress. I'm a former security researcher with work featured in the New York Times, and I know that doing it right (and not going through Delve) takes time. I can tell you that we have passed a compliance check for a company in a highly-regulated space.
I didn't find your contact info, but I'm available at jimmy@cc.dev, and happy to discuss your needs.