Trust center

Built privacy-first.

Talos Auditor was designed so that teams with strict IP and compliance requirements can still get team-level AI usage visibility. The default is maximum privacy: only aggregate numbers leave developer machines.

The three privacy modes

Every team picks one of three modes. All modes send token counts and model names so you get cost analytics — the difference is what happens to the prompt text itself.

Off (default)

Only token counts, timestamps, model names, and a salted hash of the working directory leave the agent.

  • No prompt or completion text ever touches our servers.
  • No tool arguments, no tool results, no code snippets.
  • Best for teams with strict IP/compliance requirements.
  • You still get full cost analytics, developer/project breakdowns, session timings, and cache-hit analysis.

Categorize — Local

Prompt text is analyzed on each developer's own machine by Ollama. Only a 2-line structured summary reaches our servers.

  • Developer runs ollama serve + pulls llama3.1:8b (one-time, ~4.7GB).
  • The agent sends the prompt to localhost:11434, receives a JSON { category, task_hint, project_hint, confidence }.
  • Only that structured output is transmitted. Raw prompt never leaves the laptop.
  • Gives managers the 'what is the team working on' view with zero raw-content exposure.

Categorize — Cloud

Prompt text is processed at the Cloudflare edge by Claude Haiku, then immediately discarded. Only the structured output is stored.

  • Prompt reaches a Cloudflare Worker, is passed to Anthropic's API for categorization, and garbage-collected when the request finishes.
  • We never write prompt text to disk or R2. No plaintext logs.
  • Same 1–2 line structured output stored in D1.
  • ~$0.002 per prompt. Recommended for most teams.

Full content

Full prompt + completion is archived to R2 per team retention, enabling replayable session timelines.

  • Use when you need to review exactly what was discussed in a session.
  • Stored encrypted-at-rest in Cloudflare R2, scoped per team.
  • Retention: 30 days / 90 days / 1 year / forever — team admin chooses.
  • Disabled by default. Requires explicit admin opt-in and should only be used with developer consent.

Data flow

The diagram below shows exactly where each kind of data goes. Token counts always flow to our servers; whether prompt text flows is gated by the mode.

[Diagram: Talos Auditor data flow — what leaves the machine by privacy mode]

Developer's machine: Claude Code / Cursor, Talos agent, Ollama (local mode, localhost:11434), Redactor (drops prompt text unless the team has opted into it)
TLS boundary
Cloudflare (our servers): api Worker (Hono), Queues, consumer Worker, Haiku (cloud categorize), D1, R2; aggregates · categories

What crosses the TLS boundary:

  • Always: tokens, timestamps, model, cwd hash
  • Categorize-cloud: prompt text (GC'd)
  • Full: prompt + completion (stored in R2)

  • Agent reads ~/.claude/projects/*.jsonl and Cursor local logs in tail-only mode. Historical content is skipped.
  • The working directory path is SHA-256 hashed with a per-team salt before leaving the machine. We store the hash, never the path.
  • Agent token is stored in your local ~/.config/talos-auditor/ (mode 0600). Server only stores a SHA-256 of the token with a pepper.
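
The mode gating described above, as an added example that is not Talos Auditor's own code: a redactor that builds the outbound payload for each privacy mode, plus a check that no raw path or prompt text appears in it. Field names, mode identifiers and the salt-first hash input are assumptions.

```python
import hashlib
import json

# Field names and mode identifiers are hypothetical, chosen for this example.
ALWAYS_SENT = ("tokens_in", "tokens_out", "timestamp", "model")
SUMMARY_KEYS = ("category", "task_hint", "project_hint", "confidence")
MODES = {"off", "categorize_local", "categorize_cloud", "full"}

SAMPLE_EVENT = {  # constructed sample, not real telemetry
    "tokens_in": 1200, "tokens_out": 340, "timestamp": "2025-01-01T12:00:00Z",
    "model": "example-model", "cwd": "/home/dev/acme-billing",
    "prompt": "refactor the invoice rounding logic",
    "completion": "Here is the refactored function",
}


def hash_cwd(path, team_salt):
    """SHA-256 of the path with a per-team salt (salt-first order is an assumption)."""
    return hashlib.sha256(team_salt + path.encode("utf-8")).hexdigest()


def redact(event, mode, team_salt, local_summary=None):
    """Build the payload allowed to cross the TLS boundary for one event."""
    if mode not in MODES:
        mode = "off"  # fail closed: unknown mode gets the most private behaviour
    out = {k: event[k] for k in ALWAYS_SENT}
    out["cwd_hash"] = hash_cwd(event["cwd"], team_salt)
    if mode == "categorize_local" and local_summary is not None:
        # Allow-list the structured fields so extra model output cannot ride along.
        out["summary"] = {k: local_summary[k] for k in SUMMARY_KEYS}
    elif mode == "categorize_cloud":
        out["prompt"] = event["prompt"]  # categorized server-side, not stored
    elif mode == "full":
        out["prompt"] = event["prompt"]
        out["completion"] = event["completion"]
    return out


def leaked_fields(payload, event):
    """Names of raw fields whose text appears anywhere in the serialized payload."""
    blob = json.dumps(payload)
    return [k for k in ("cwd", "prompt", "completion")
            if json.dumps(event[k])[1:-1] in blob]


if __name__ == "__main__":
    for m in sorted(MODES):
        p = redact(SAMPLE_EVENT, m, b"constructed-team-salt")
        print(m, sorted(p), leaked_fields(p, SAMPLE_EVENT))
```

Running `leaked_fields` over captured agent payloads in a test suite is a quick way for a reviewing team to confirm that the configured mode matches what actually leaves the machine.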

Subprocessors

The companies we use to run Talos Auditor. Each processes a specific slice of data — details below.

Provider | Purpose | Data seen
Cloudflare | Workers, D1, R2, Queues, Durable Objects — all compute + storage | All telemetry, encrypted at rest by default
Anthropic | Claude Haiku (categorize cloud mode) + Sonnet (AI reports) | Aggregate numbers for reports. Categorize-cloud mode: prompt text processed, not retained.
Clerk | Dashboard sign-in + organization membership | Email address, organization name, session tokens
Stripe | Per-seat subscription billing | Billing email, payment method, seat count. No usage content.
Slack | Optional integration for reports and alerts | Aggregate summaries posted to the channel you choose
Resend | Transactional email (team invites, trial reminders, weekly digest) | Email address + summary content. Invite emails include the team name and inviter.

Retention

  • Aggregated metrics (cost, tokens, session counts): retained forever, scoped to your team. Tiny data volume.
  • Raw content (only when privacy mode = full): retained per team's choice — 30 days, 90 days (default), 1 year, or forever. A nightly job (03:30 UTC) prunes R2 blobs older than the cutoff and records the result in the team's audit log.
  • Categorize output (category labels, task hints): prunes on the same schedule as raw content.
  • Audit log: retained for 2 years regardless of the team's telemetry retention setting. Compliance trail lives longer than usage data.
  • On team deletion: 30-day soft delete grace period, then hard delete of all R2 prefixes and D1 rows for the team.

Security controls

Encryption in transit
All traffic uses TLS 1.2+ (Cloudflare-managed certs). The agent and dashboard only talk to HTTPS endpoints.
Encryption at rest
D1 and R2 are encrypted at rest by Cloudflare. Integration tokens (Slack, etc.) are additionally AES-GCM encrypted with a per-deployment KMS_KEY.
Agent outbox at rest
The local offline-safe outbox on each developer's machine is AES-GCM-256 encrypted. The key lives in the OS keychain (macOS Keychain / libsecret), not on disk.
Token hashing
Agent tokens are stored in D1 as SHA-256(token + pepper). The plaintext is shown once at install time and is never retrievable server-side.
Rate limiting
Per-team Durable Object token bucket protects the ingest pipeline from runaway agents. Default: 10k events/min.
Audit log
Every admin action (invite, role change, privacy mode change, token rotation, integration install) is logged with actor, timestamp, and metadata.
Least privilege
Agent tokens are scoped to one team + one developer. Worker secrets are access-controlled by Cloudflare Access; only deploy CI has write.

Incidents & questions

Current service health and incident history are on the status page. We haven't had a security incident to date. If you suspect one, email info@talosfoundrix.com. We respond within 24 hours. For architecture questions or a security review before onboarding, use the same address.
