Trust / Security
Security & Trust.
MeshPilot is built for developer workflows that require absolute user oversight, credential care, and clear system boundaries.
Security Pillars
Local-First Data Isolation
MeshPilot operates with a local-first design. Your source code files, configurations, and MeshMemory stores remain fully on your local machine. They are never uploaded or parsed on our remote servers.
Scoped Credential Care
API keys and model provider tokens are kept in system-level secure credential stores (e.g. Keychain / Credential Manager). We never log, view, or transit your credentials across our networks.
Device OAuth Authorization
Connected desktop applications receive scoped authorization tokens only after explicit browser-level PKCE confirmation. Master credentials and sessions remain isolated inside the browser flow.
Standards & Audits
Automated Release Auditing
Release packages, binary downloads, and dependencies undergo continuous automated vulnerability analysis to guarantee secure supply chain integrations.
MFA & Identity Management
User dashboard authentication is secured by modern Multi-Factor Authentication (2FA) and Google OAuth integrations. 2FA is highly encouraged for preview developers.
Compliant-First Architecture
Designed around data minimization principles. We maintain compliance with data privacy frameworks by not storing your project data in the cloud by default.
Vulnerabilities
Responsible Disclosure
We take the security of our services and products seriously. If you believe you have discovered a vulnerability, please reach out to us directly. We investigate all reported issues and coordinate remediation promptly.
Security Contact
security@meshpilot.inEncrypt details containing sensitive configurations. Reports are reviewed within 24 hours.
For detailed legal terms and policy documents, please review our legal guidelines: