Security · private beta

What actually happens to your code

No SOC 2 theater. No “military-grade” copy. This page describes how Catalyst works today — local IDE, managed cloud, billing, and privacy defaults — so you can decide if it fits your risk tolerance.

Private beta honesty. Catalyst is early. We run a small Fly.io API + Postgres, Stripe for payments, and Anthropic/xAI for cloud models. We have not completed a formal third-party audit. If you need that bar, stay local-only or wait for enterprise packaging.
Default

Privacy Mode on

Training telemetry defaults to privacy mode: outcomes only, not full code trajectories. JRVS training requires explicit opt-in.

Local

IDE on your machine

Editor, terminal, and project files live on disk you control. Closing the app does not leave a hosted workspace full of your repo.

Cloud AI

Providers see prompts

When you run managed cloud models, prompts/context go to Anthropic and/or xAI under our platform keys. Same reality as any hosted agent product.

Where data goes

Most confusion comes from mixing “local IDE” with “cloud agent.” These are different paths.

Data Where it lives Who can see it
Project files on disk Your computer (desktop app) You. Not uploaded unless a cloud agent/request sends context.
Cloud agent prompts & context Sent to model providers for that request Anthropic / xAI (and OpenAI if enabled) process the request. We meter usage in CBT.
Account email, plan, credits Our Postgres (Fly-hosted API) NYPTID ops for support/billing; you via dashboard.
Card & payments Stripe Stripe. We store customer id, payment method id, and card fingerprint for trial abuse prevention — not full PAN.
Usage ledger (CBT) Our Postgres You (dashboard) and us (billing integrity). Reasons + deltas, not full source trees.
Training traces (optional) Our API storage when consented Default Privacy Mode: outcomes only. Full trajectories only if you turn Privacy Mode off and opt into JRVS training.
Auth tokens JWT access (short-lived) + refresh on your client Bearer tokens to our API. Keep the desktop signed-in machine under your control.

Cloud AI — the realistic threat model

If you use Pro / trial cloud models, treat it like Cursor’s cloud agent or any SaaS LLM: whatever you put in the prompt (and retrieved context) is processed by a model provider. We do not run a zero-knowledge LLM. We do not promise providers never train on API traffic — that is governed by their enterprise/API terms and our account configuration with them.

  • Managed production cloud uses platform keys (product UX, not a key-passthrough shell).
  • Free trial is locked to Claude Haiku 4.5 + Grok 4.20 Reasoning to limit cost and blast radius.
  • Spend caps and included Catalyst Credits bound runaway agent loops.
  • API rate limits apply globally and on AI routes to reduce abuse.

For secrets (production keys, customer PII dumps, regulated data): prefer local-only work, redacted samples, or wait for enterprise controls (SSO, VPC, customer-managed keys) — those are roadmap, not shipped claims.

Privacy Mode & JRVS training

Desktop defaults: privacyMode = true, trainingConsent = false.

  • Privacy Mode on — training pipeline stores interaction outcomes only (ship/fail, scores, thumbs). Code bodies are not kept for JRVS training.
  • Opt-in training — turning Privacy Mode off and enabling “Train JRVS on my usage” allows full trajectories (prompts, loop stages, optional preview screenshots) for self-learning. Explicit dual control.
  • Telemetry emission is best-effort and never blocks the agent UX.

This is Cursor-shaped: privacy by default, research data only with consent.

Agent permissions on your machine

The desktop agent can edit files and run terminal commands in your project. That is the product. You control how aggressive it is:

  • Run modes in settings: ask / sandbox / run-everything (you choose the autonomy slider).
  • MCP tools and browser automation are user-configured — do not enable untrusted MCP servers.
  • Cloud sandbox sessions exist for some remote agent paths; the primary loop is still your local workspace.

Treat agent shell access like giving a junior engineer a terminal on your machine. Review diffs. Use git. Don’t point it at production credentials without a plan.

Accounts, auth, and billing

  • Sign-in via our API (JWT access + refresh). Google OAuth when configured.
  • Passwords (if used) are hashed; secrets for JWT are server-side env vars.
  • Stripe Checkout / Customer Portal for paid plans; signed webhooks when STRIPE_WEBHOOK_SECRET is set.
  • Free trial requires a debit/credit card: prepaid rejected, card fingerprint uniqueness, optional $1 verify-and-refund, rate-limited activation.
  • We store Stripe customer id, default payment method id, and fingerprint for abuse prevention — not full card numbers.

Updates & supply chain

Desktop releases publish version metadata (including SHA512 when provided) on the public feed used by the website and in-app updater. Prefer downloads from catalyst.nyptid.com only — not third-party mirrors.

Installer integrity is as good as the feed + TLS to our API/CDN. We are not claiming SLSA L3 or signed Windows Authenticode for every private-beta build yet — check the release notes for the build you install.

Infrastructure (today)

  • API on Fly.io (HTTPS), regionally small scale for private beta.
  • Postgres for users, wallets, ledgers, trial redemptions.
  • TLS in transit to our API and to providers. DB SSL configurable; production uses encrypted links to managed Postgres.
  • Rate limiting on the API; stricter caps on AI endpoints.

Single-region, single-team ops. No multi-region active-active, no customer VPC peering, no on-prem appliance — if you need those, talk to us for Enterprise roadmap rather than assuming they exist.

What we do not claim (yet)

  • SOC 2 Type II / ISO 27001 certification completed
  • HIPAA / FedRAMP / PCI DSS as a product attestation (Stripe is PCI; we are not a card vault)
  • Zero-knowledge cloud agents (providers process prompts)
  • End-to-end encryption of all training telemetry by default
  • Guaranteed model-provider “no training” without verifying their current API terms
  • Perfect sandbox isolation that survives “run everything” mode

We’ll update this page when those change. Overclaiming is a security bug.

Report a vulnerability

Email security@nyptidindustries.com with steps to reproduce, impact, and whether you’re okay with coordinated disclosure. Please do not open public issues for active zero-days.

Account / billing: support@nyptidindustries.com. Privacy policy: privacy.html.

Prefer local-only?

Download the IDE free. Start a cloud trial only when you want managed Anthropic + xAI agents.