DevhelionDevhelion
    DocsPricingLogin
    Documentation

    Documentation

    • Devhelion Tutor
    • Getting Started
    • CLI Commands
    • Analytics Dashboard
    • API Reference
    • Devhelion API UsageBeta
    • Self-Hosting
    • Privacy & Security
    • Troubleshooting
    • Beta: OrchestrationBeta
    1. Docs
    2. Privacy & Security

    Privacy & Security

    We automatically scrub API keys and other PII from your agent history to keep your data secure.

    Privacy-First Design

    Devhelion Tutor automatically scrubs sensitive information from your agent history to keep your data secure. API keys, secrets, and other personally identifiable information are detected and removed before storage, ensuring your privacy while providing meaningful analytics.

    What Devhelion Tutor Collects

    Devhelion Tutor collects agent interaction data while automatically scrubbing sensitive information:

    βœ“ We Collect

    • Agent Interactions: Conversations with AI tools (after PII scrubbing)
    • Timestamps: When you used AI tools
    • Tool Names: Claude Code, Cursor, GitHub Copilot, etc.
    • Token Counts: Input/output token usage
    • Project Names: Repository/folder names (not contents)
    • Event Types: Chat, completion, edit, etc.
    • Session IDs: For grouping related interactions

    πŸ”’ Automatically Scrubbed

    • API Keys: Detected and redacted from all interactions
    • Access Tokens: OAuth tokens, JWT tokens, auth headers
    • Environment Variables: Secret keys, passwords, configs
    • Personal Information: Emails, phone numbers, addresses
    • Database Credentials: Connection strings, passwords
    • File Paths: Sensitive directory paths and usernames

    Example Data Point

    {
  "timestamp": "2024-10-02T14:23:15Z",
  "tool": "claude-code",
  "event_type": "completion",
  "project": "my-react-app",
  "tokens_in": 150,
  "tokens_out": 300,
  "session_id": "sess_abc123"
}

    This is what we collect - no actual code or prompts, just metadata.

    Data Storage & Security

    Local Storage First

    By default, all analytics data is stored locally on your machine in an encrypted database. Data never leaves your computer unless you explicitly enable cloud sync or export features.

    • Local SQLite database with encryption at rest
    • Stored in your user directory (not shared with other users)
    • Can be deleted anytime by disabling Tutor

    Optional Cloud Sync

    For team analytics and cross-device access, you can optionally enable secure cloud sync:

    • End-to-end encryption before transmission
    • Zero-knowledge architecture (we can't read your data)
    • GDPR and SOC 2 compliant infrastructure
    • Can be disabled anytime

    Team Data Isolation

    When using team features, data is strictly isolated:

    • Each team has separate encryption keys
    • No cross-team data access possible
    • Team administrators control member access
    • Leave team = immediate data access revocation

    Your Control & Rights

    Data Control

    • Enable/Disable: Full control via CLI
    • Export Data: CSV/JSON export anytime
    • Delete Data: Complete removal on demand
    • Pause Collection: Temporary stops without data loss

    Privacy Rights

    • Right to Access: View all collected data
    • Right to Rectification: Correct inaccurate data
    • Right to Erasure: Complete data deletion
    • Right to Portability: Export in standard formats

    Complete Control Commands

    Devhelion disable

    Stop all data collection immediately

    Devhelion export --format=json

    Export all your data for backup or migration

    Devhelion delete --confirm

    Permanently delete all collected analytics data

    Compliance & Standards

    GDPR Compliance

    Devhelion Tutor is designed to comply with GDPR requirements:

    • Lawful basis: Legitimate interest (productivity analytics)
    • Data minimization: Only essential metadata collected
    • Purpose limitation: Data used only for stated analytics purposes
    • Storage limitation: Configurable retention periods
    • User rights: Full access, export, and deletion capabilities

    Security Standards

    • Encryption: AES-256 encryption at rest and in transit
    • Access Control: Role-based permissions for teams
    • Audit Logging: All data access logged and monitored
    • Regular Updates: Automatic security patches
    • Penetration Testing: Regular third-party security audits

    Transparency & Trust

    Open Source Components

    Key parts of Devhelion Tutor are open source for transparency:

    • Data collection agents (GitHub: Devhelion/tutor-collectors)
    • Encryption libraries (audited implementations)
    • API interfaces (full specification published)
    • Privacy compliance tools

    Regular Audits

    • Annual privacy impact assessments
    • Quarterly security penetration testing
    • SOC 2 Type II certification (enterprise)
    • Independent privacy audits

    Maximum Privacy: Self-Hosting

    πŸ›‘οΈ Ultimate Privacy & Control

    For maximum privacy and security, deploy Devhelion on your own infrastructure. Your data never leaves your network, giving you complete control over your AI analytics.

    5-Minute Quick StartFull Self-Hosting Guide

    πŸ”’ Zero Cloud Dependency

    Run Devhelion entirely on your own servers. No data ever touches our cloud infrastructure.

    🏒 Enterprise Ready

    Integrates with your existing authentication, databases, and compliance systems.

    ⚑ Easy Deployment

    Single binary deployment. Works on Linux, macOS, Windows. No complex setup required.

    πŸ’‘ Perfect For

    • β€’ Government agencies and defense contractors
    • β€’ Financial institutions with strict compliance requirements
    • β€’ Healthcare organizations handling PHI
    • β€’ Enterprises with proprietary codebases
    • β€’ Any organization requiring air-gapped deployments

    Frequently Asked Questions

    Can Devhelion Tutor see my code?

    No. Devhelion Tutor is architecturally designed to never collect, transmit, or store your actual code. We only track metadata like timestamps and token counts.

    What happens to my data if I stop using Devhelion?

    You can export all your data before leaving, and we'll delete everything within 30 days of account closure. Local data is deleted immediately when you disable Tutor.

    How does team analytics work while maintaining privacy?

    Team analytics aggregates metadata (like total token usage) without exposing individual patterns. Each team member's detailed data remains private to them.

    Can I use Devhelion Tutor in a corporate environment?

    Yes. Since no code is collected, Devhelion Tutor is safe for use with proprietary codebases. Many enterprises use our local-only mode for maximum security.

    How does self-hosting compare to the cloud version?

    Self-hosting provides identical functionality with maximum privacy. Your data never leaves your infrastructure, you control all retention policies, and you can customize authentication and compliance settings.Learn more about self-hosting.

    Questions or Concerns?

    We're committed to transparency and privacy. If you have questions about our data practices:

    Getting Started

    Learn how to enable privacy controls during setup.

    Self-Hosting

    Deploy on your own infrastructure for maximum privacy.

    Support

    Get help with privacy settings and data management.

    Privacy Policy: For complete legal details, see ourPrivacy Policy andTerms of Service.

    DevhelionDevhelion

    Not another agentβ€”a telemetry vault + API you can trust.

    Product

    • Pricing
    • Support

    Developers

    • Documentation
    • API Reference
    • GitHub

    Β© 2025 Devhelion. All rights reserved.

    Privacy PolicyTerms of Service