privacy is the moat

Your source stays
on your machine.

Most memory tools ask you to trust them with your code. SecondOS is built so you do not have to. We store the map, not the code, and give you a self-host path when even the map should stay home.

What leaves your machine

One rule, enforced end to end: the map crosses, the source never does.

privacy by default

The map, not the code

We upload the structure-aware map (symbols, signatures, routes) and embeddings. File bodies are read and embedded on your machine; only the vector and line references persist. Value-level redaction strips inline secrets first, and every skipped secret is surfaced to you rather than silently dropped.

Prefer zero cloud? Self-host →
# what leaves your machine
map.json      ✓  symbols, routes, signatures
vectors.json  ✓  embeddings only (no source)
── your source ──   ✗  read locally, never uploaded
── .env / *.key ──  ✗  never read
── inline secret ── ✗  redacted + surfaced to you

Map only, never source

We upload symbols, signatures and routes plus embeddings. File bodies never leave your machine. There is nothing to leak because the source was never sent.

Secrets skipped, then surfaced

Files like .env, *.key, *.pem and credentials are never read. Inline keys are stripped by value-level redaction before anything is embedded — and we tell you, never silently.

Encrypted integration keys

Connect ClickUp or GitHub and the credential is hashed and encrypted at rest, following the same vault pattern as our auth tokens. Every action is written to an audit log.

Self-host when you need it

Prefer zero cloud? Run the whole map and memory layer inside your own perimeter. Nothing crosses your trust boundary because there is no boundary to cross.

Self-host: nothing leaves at all

On Enterprise you run the full map and memory layer inside your own infrastructure. The cloud is optional, not assumed.

enterprise

Your infrastructure, your boundary

Deploy the API, extractor and memory store on your own hosts. Point your AI tools at your instance over MCP. There is no external hop, so compliance review is a deployment question, not a data-sharing one.

See Enterprise →
# self-hosted topology
your-ci        → extract map (runner)
your-host      → SecondOS API + store
your-tools     → MCP → your-host
── external hop ──  ✗  none

Security FAQ

Can SecondOS reconstruct my code from the map?

No. The map is names, signatures and structure plus vector embeddings. There is no file body to reconstruct from — it was never uploaded.

What happens if there is a key inline in my code?

Value-level redaction strips it before embedding, and the finding is surfaced to you. We fail loud, not silent — you always know what was skipped.

Where does the GitHub App run extraction?

On the runner, inside your CI boundary. Only the resulting map and vectors are sent to the cloud. The source-never-leaves invariant holds on the runner too.

How are ClickUp / GitHub keys stored?

Hashed and encrypted at rest in a credential vault, never logged in plaintext. Writes through the action layer require an explicit confirm and are audit-logged.

Trust that you can verify, not just take.

> daemon: kaynağın makinende kaldı. ben sadece haritayı gördüm.

>